X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/937b24e0cf98d75dd353d80267efddcecab9e908..9da467f063231185de7b336c36a62c08d1258ff4:/debian/NEWS?ds=sidebyside diff --git a/debian/NEWS b/debian/NEWS index 68f0a207b..f7d76649d 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -1,15 +1,47 @@ -ikiwiki (3.20100505) UNRELEASED; urgency=low +ikiwiki (3.20120629.2+deb7u1) wheezy-security; urgency=medium - There is a significant change to the page.tmpl template in this version. - If you have locally modified versions of that template, you will need - to update it to contain the following in the HTML
: + To mitigate CVE-2016-3714 and similar ImageMagick security vulnerabilities, + the [[!img]] directive is now restricted to these common web formats by + default: + + * JPEG (.jpg, .jpeg) + * PNG (.png) + * GIF (.gif) + * SVG (.svg) + + (In particular, by default resizing PDF files is no longer allowed.) + + Additionally, resized SVG files are displayed in the browser as SVG + instead of being converted to PNG. + + If all users who can attach images are fully trusted, this restriction + can be removed with the new img_allowed_formats setup option. + See