X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/e02c1bcf3df6b269ed7d5a29a97ea7f8f9464a3d..8c19da175a2265e63c2e0f07879f01b694c5c34a:/debian/NEWS diff --git a/debian/NEWS b/debian/NEWS index f73ac9c3d..c8a35093e 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -1,3 +1,32 @@ +ikiwiki (3.20120629.2+deb7u1) wheezy-security; urgency=medium + + To mitigate CVE-2016-3714 and similar ImageMagick security vulnerabilities, + the [[!img]] directive is now restricted to these common web formats by + default: + + * JPEG (.jpg, .jpeg) + * PNG (.png) + * GIF (.gif) + * SVG (.svg) + + (In particular, by default resizing PDF files is no longer allowed.) + + Additionally, resized SVG files are displayed in the browser as SVG + instead of being converted to PNG. + + If all users who can attach images are fully trusted, this restriction + can be removed with the new img_allowed_formats setup option. + See for more details. + + -- Simon McVittie Mon, 09 May 2016 22:38:35 +0100 + +ikiwiki (3.20110122) unstable; urgency=low + + If you have custom CSS that uses "#feedlinks" or "#blogform", you will + need to change it to instead use ".feedlinks" and ".blogform" + + -- Joey Hess Fri, 14 Jan 2011 14:34:54 -0400 + ikiwiki (3.20100515) unstable; urgency=low There are two significant changes to the page.tmpl template in this version.