author: smcv <smcv@web> 2016-05-06 15:14:09 -0400
committer: admin <admin@branchable.com> 2016-05-06 15:14:09 -0400
commit: dfadaa0bf91666859ef3760520b108aac730cee2 (patch)
tree: 23347d6a7316df7e8988babc9cf6a890d3d21795 /doc/news
parent: 455be983c05fc2f08fe8d54c18391aab95e5b9ee (diff)
escape directive properly; add paragraph breaks
Diffstat (limited to 'doc/news')
-rw-r--r-- doc/news/version_3.20160506.mdwn 6
1 files changed, 5 insertions, 1 deletions
diff --git a/doc/news/version_3.20160506.mdwn b/doc/news/version_3.20160506.mdwn
index 650588c6e..331a48b6b 100644
--- a/doc/news/version_3.20160506.mdwn
+++ b/doc/news/version_3.20160506.mdwn
@@ -1,15 +1,19 @@
News for ikiwiki 3.20160506:
To mitigate [[!cve CVE-2016-3714]] and similar ImageMagick security vulnerabilities,
- the `[[!img]]` directive is now restricted to these common web formats by
+ the `\[[!img]]` directive is now restricted to these common web formats by
default:
+
* JPEG (`.jpg`, `.jpeg`)
* PNG (`.png`)
* GIF (`.gif`)
* SVG (`.svg`)
+
(In particular, by default resizing PDF files is no longer allowed.)
+
Additionally, resized SVG files are displayed in the browser as SVG
instead of being converted to PNG.
+
If all users who can attach images are fully trusted, this restriction
can be removed with the new img\_allowed\_formats setup option.
See [[ikiwiki/directive/img]] for more details.
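Review bot: In the last paragraph, `img\_allowed\_formats` is still written with backslash-escaped underscores, while the directive name and the file extensions in this entry use backticks; putting the option name in backticks too would be consistent and would mark it as a literal setup key. Because that paragraph is where admins learn how to lift the restriction, it would also be worth saying there that removing it drops the mitigation described in the first sentence, so the trade-off is visible next to the setting rather than only implied by "fully trusted".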