From dea96e51136ee44971f3e3dafad67f8a5e111c50 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@debian.org>
Date: Fri, 6 May 2016 07:49:45 +0100
Subject: Document the security fixes in this release

---
 doc/ikiwiki/directive/img.mdwn | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

(limited to 'doc/ikiwiki')

diff --git a/doc/ikiwiki/directive/img.mdwn b/doc/ikiwiki/directive/img.mdwn
index fa3b40f50..a940a44b6 100644
--- a/doc/ikiwiki/directive/img.mdwn
+++ b/doc/ikiwiki/directive/img.mdwn
@@ -41,4 +41,27 @@ the page, unless overridden. Useful when including many images on a page.
 	\[[!img photo2.jpg]]
 	\[[!img photo3.jpg size=200x600]]
 
+## format support
+
+By default, the `img` directive only supports a few common web formats:
+
+* PNG (`.png`)
+* JPEG (`.jpg` or `.jpeg`)
+* GIF (`.gif`)
+* SVG (`.svg`)
+
+These additional formats can be enabled with the `img_allowed_formats`
+[[!iki setup]] option, but are disabled by default for better
+[[!iki security]]:
+
+* PDF (`.pdf`)
+* `everything` (accepts any file supported by ImageMagick: make sure
+  that only completely trusted users can
+  [[upload attachments|ikiwiki/pagespec/attachment]])
+
+For example, a wiki where only `admin()` users can upload attachments might
+use:
+
+    img_allowed_formats: [png, jpeg, gif, svg, pdf]
+
 [[!meta robots="noindex, follow"]]
-- 
cgit v1.2.3