X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/b481158c14ca8342b28eabbdca1cda3b1c1dd0ff..bcfba8cdb50dcaca9faa182955825670efb15852:/debian/changelog diff --git a/debian/changelog b/debian/changelog index cf2dbf8a4..919814f2f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,48 @@ -ikiwiki (3.20120204) UNRELEASED; urgency=low +ikiwiki (3.20120629.3) UNRELEASED; urgency=medium + + * HTML-escape error messages, in one case avoiding potential cross-site + scripting (CVE-2016-4561, OVE-20160505-0012) + + -- Simon McVittie Sun, 08 May 2016 15:33:51 +0100 + +ikiwiki (3.20120629.2) wheezy; urgency=medium + + [ Joey Hess ] + * Fix XSS in openid selector. Thanks, Raghav Bisht. (Closes: #781483; + CVE-2015-2793) + + -- Simon McVittie Mon, 06 Apr 2015 20:34:51 +0100 + +ikiwiki (3.20120629.1) wheezy; urgency=medium + + Backport blogspam plugin from experimental, because the version in + wheezy is no longer usable: + + [ Joey Hess ] + * Set Debian package maintainer to Simon McVittie as I'm retiring from + Debian. + + [ Amitai Schlair ] + * blogspam: use the 2.0 JSON API (the 1.0 XML-RPC API has been EOL'd). + Closes: #774441 + + -- Simon McVittie Sat, 17 Jan 2015 11:53:33 +0000 + +ikiwiki (3.20120629) unstable; urgency=low + + * mirrorlist: Add mirrorlist_use_cgi setting that avoids usedirs or + other config differences by linking to the mirror's CGI. (intrigeri) + + -- Joey Hess Fri, 29 Jun 2012 10:16:08 -0400 + +ikiwiki (3.20120516) unstable; urgency=high + + * meta: Security fix; add missing sanitization of author and authorurl. + CVE-2012-0220 Thanks, Raúl Benencia + + -- Joey Hess Wed, 16 May 2012 19:51:27 -0400 + +ikiwiki (3.20120419) unstable; urgency=low * Remove dead link from plugins/teximg. Closes: #664885 * inline: When the pagenames list includes pages that do not exist, skip @@ -6,7 +50,7 @@ ikiwiki (3.20120204) UNRELEASED; urgency=low * meta: Export author information in html tag. Closes: #664779 Thanks, Martin Michlmayr * notifyemail: New plugin, sends email notifications about new and - changed pages. + changed pages, and allows subscribing to comments. * Added a "changes" hook. Renamed the "change" hook to "rendered", but the old hook name is called for now for back-compat. * meta: Support keywords header. Closes: #664780 @@ -14,10 +58,21 @@ ikiwiki (3.20120204) UNRELEASED; urgency=low * passwordauth: Fix url in password recovery email to be absolute. * httpauth: When it's the only auth method, avoid a pointless and confusing signin form, and go right to the httpauthurl. - - -- Joey Hess Wed, 21 Mar 2012 14:33:14 -0400 - -ikiwiki (3.20120203) unstable; urgency=low + * rename: Allow rename to be started not from the edit page; return to + the renamed page in this case. + * remove: Support removing of pages in the transient underlay. (smcv) + * inline, trail: The pagenames parameter is now a list of absolute + pagenames, not relative wikilink type names. This is necessary to fix + a bug, and makes pagenames more consistent with the pagespec used + in the pages parameter. (smcv) + * link: Fix renaming wikilinks that contain embedded urls. + * graphviz: Handle self-links. + * trail: Improve CSS, also display trail links at bottom of page, + and a bug fix. (smcv) + + -- Joey Hess Thu, 19 Apr 2012 15:32:07 -0400 + +ikiwiki (3.20120319) unstable; urgency=low * osm: New plugin to embed an OpenStreetMap into a wiki page. Supports waypoints, tags, and can even draw paths matching