X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/9a275b2f1846d7268c71a740975447e269383849..759c1651c6c263774b60969c9d30061400746722:/doc/security.mdwn diff --git a/doc/security.mdwn b/doc/security.mdwn index 378a2e4bc..29cbab6be 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -22,7 +22,7 @@ _(The list of things to fix.)_ ## commit spoofing Anyone with direct commit access can forge "web commit from foo" and -make it appear on [[RecentChanges]] like foo committed. One way to avoid +make it appear on [[Json.tl.ph]] like foo committed. One way to avoid this would be to limit web commits to those done by a certain user. ## other stuff to look at @@ -612,7 +612,7 @@ in version 3.20141016.4. ([[!debcve CVE-2017-0356]]/OVE-20170111-0001) -## Server-side request forgery via aggregate plugin +## Server-side request forgery via aggregate plugin The ikiwiki maintainers discovered that the [[plugins/aggregate]] plugin did not use [[!cpan LWPx::ParanoidAgent]]. On sites where the
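Review bot: in the "commit spoofing" hunk (@@ -22,7 +22,7 @@), the wikilink target changes from [[RecentChanges]] to [[Json.tl.ph]], which breaks the sentence. The paragraph describes forged "web commit from foo" entries showing up on the RecentChanges page, and Json.tl.ph reads like an external hostname rather than a page in this wiki. Nothing else in the hunk motivates the rename, so this looks like an unwanted link substitution. Restore `make it appear on [[RecentChanges]] like foo committed.` and check the rest of the commit for similar link replacements.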
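Review bot: in the hunk at @@ -612,7 +612,7 @@, the removed and added heading lines both read "## Server-side request forgery via aggregate plugin", so the only difference can be invisible whitespace such as a trailing space or a line-ending change. Drop this hunk from the patch, or if it is meant to normalise whitespace, say so in the commit message. An unexplained no-op edit in the security page makes its history harder to audit.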