author joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2007-03-21 18:52:56 +0000
committer joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2007-03-21 18:52:56 +0000
commit c8b4ba354f82fbbcebbbfca65b40a047f9920525 (patch)
tree 6dd5bd85031e42da9a3c65d1c5c3f9bfacfdfcda /debian
parent 829d097dc52b6a8f50297406affc67fbc08dccb7 (diff)
* Fix a security hole that allowed insertion of unsafe content via the meta
  plugin's support for inserting html link and meta tags. Now such content is
  passed through the htmlscrubber like everything else.
* Unfortunately, that means that some valid uses of those tags are no longer
  usable, and special case methods needed to be added for including
  stylesheets, and for doing openid delegation. If you use either of these in
  your wiki, it will need to be modified. See the meta plugin docs for details.
Diffstat (limited to 'debian')
-rw-r--r-- debian/NEWS 10
-rw-r--r-- debian/changelog 13
2 files changed, 23 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS
index 69cbbbd88..9ee20b00a 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,13 @@
+ikiwiki (1.47) unstable; urgency=low
+
+ Due to a security fix, wikis that have the htmlscrubber enabled can no
+ longer use the meta plugin to insert html link and meta tags.
+
+ Some special case methods have been added for safely including stylesheets,
+ and for doing openid delegation. See the meta plugin docs for details.
+
+ -- Joey Hess <joeyh@debian.org> Wed, 21 Mar 2007 14:18:40 -0400
+
ikiwiki (1.45) unstable; urgency=low
Wikis need to be rebuilt on upgrade to this version. If you listed your wiki
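Review bot: the new 1.47 header is marked urgency=low even though the entry opens with "Due to a security fix"; consider a higher urgency so the upload is not handled as routine. The entry also tells admins only that they "can no longer use the meta plugin to insert html link and meta tags" and defers to the docs for the rest; naming the replacement methods for stylesheets and openid delegation here would let someone reading NEWS at upgrade time see what to change in their pages. The signature timestamp (14:18:40 -0400) differs from the one on the matching changelog entry (14:05:00 -0400), which is harmless but worth aligning.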
diff --git a/debian/changelog b/debian/changelog
index 976143aee..42b23945a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+ikiwiki (1.47) UNRELEASED; urgency=low
+
+ * Fix a security hole that allowed insertion of unsafe content via the meta
+ plugins's support for inserting html link and meta tags. Now such content
+ is passed through the htmlscrubber like everything else.
+ * Unfortunatly, that means that some valid uses of those tags are no longer
+ usable, and special case methods needed to be added for including
+ stylesheets, and for doing openid delegation. If you use either of these
+ in your wiki, it will need to be modified. See the meta plugin docs
+ for details.
+
+ -- Joey Hess <joeyh@debian.org> Wed, 21 Mar 2007 14:05:00 -0400
+
ikiwiki (1.46) unstable; urgency=low
* Fix a bug with inlined create page links, including Discussion links on
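Review bot: the first bullet announces a security hole but gives no identifier (bug number or advisory) and does not say which earlier versions are affected, so the entry cannot be matched against a tracker; add a reference if one exists. The header carries urgency=low, which should be revisited before UNRELEASED is changed to a real distribution. Spelling in the added lines: "plugins's" should be "plugin's" and "Unfortunatly" should be "Unfortunately".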