diff options
| author | Simon McVittie <smcv@debian.org> | 2016-07-28 11:30:30 +0100 |
|---|---|---|
| committer | Simon McVittie <smcv@debian.org> | 2016-07-28 11:30:30 +0100 |
| commit | 20e3655a10ce25fde2e09f65a7f275bd16efb6d3 (patch) | |
| tree | e918ac58a847efa6974138b653a15be08ad30577 /doc/news | |
| parent | 6264e91bac119ed783232a2bc607accd0a6c4d3c (diff) | |
| download | ikiwiki-20e3655a10ce25fde2e09f65a7f275bd16efb6d3.tar ikiwiki-20e3655a10ce25fde2e09f65a7f275bd16efb6d3.tar.gz | |
Announce 3.20160728
Diffstat (limited to 'doc/news')
| -rw-r--r-- | doc/news/version_3.20150329.mdwn | 34 | ||||
| -rw-r--r-- | doc/news/version_3.20160728.mdwn | 9 |
2 files changed, 9 insertions, 34 deletions
diff --git a/doc/news/version_3.20150329.mdwn b/doc/news/version_3.20150329.mdwn deleted file mode 100644 index 7e0d3e0bc..000000000 --- a/doc/news/version_3.20150329.mdwn +++ /dev/null @@ -1,34 +0,0 @@ -ikiwiki 3.20150329 released with [[!toggle text="these changes"]]. This is a -security update fixing a cross-site scripting vulnerability. - -[[!toggleable text=""" - [ [[Joey Hess|joey]] ] - - * Fix NULL ptr deref on ENOMEM in wrapper. (Thanks, igli) - - [ [[Simon McVittie|smcv]] ] - - * Really don't double-decode CGI submissions, even on Perl versions that - bundle an old enough Encode.pm for that not to be a problem: the - system might have a newer Encode.pm installed separately, like Fedora 20. - (Closes: [[!debbug 776181]]; thanks, Anders Kaseorg) - * If neither timezone nor TZ is set, set both to :/etc/localtime if - we're on a GNU system and that file exists, or GMT otherwise - * t/inline.t: accept translations of "Add a new post titled:" - (Closes: [[!debbug 779365]]) - * Consistently document command-line options as e.g. --refresh, not -refresh - - [ [[Amitai Schlair|schmonz]] ] - - * In VCS-committed anonymous comments, link to url. - - [ [[Joey Hess|joey]] ] - - * Fix XSS in openid selector. Thanks, Raghav Bisht. - (Closes: [[!debbug 781483]]) -"""]] - -In addition, version 3.20141016.2 was released on the same day to backport -the cross-site-scripting fix to Debian 8. - -[[!meta date="2015-03-29 22:46:39 +0100"]] diff --git a/doc/news/version_3.20160728.mdwn b/doc/news/version_3.20160728.mdwn new file mode 100644 index 000000000..6836a9b79 --- /dev/null +++ b/doc/news/version_3.20160728.mdwn @@ -0,0 +1,9 @@ +ikiwiki 3.20160728 released with [[!toggle text="these changes"]] +[[!toggleable text=""" + * Explicitly remove current working directory from Perl's library + search path, mitigating [[!cve CVE-2016-1238]] (see [[!debbug 588017]]) + * wrappers: allocate new environment dynamically, so we won't overrun + the array if third-party plugins add multiple environment variables. + * Standards-Version: 3.9.8 (no changes required) + +--[[smcv]]"""]] |