author Simon McVittie <smcv@debian.org> 2016-12-29 20:47:17 +0000
committer Simon McVittie <smcv@debian.org> 2016-12-29 20:47:17 +0000
commit e0341d0e887dc49849f7f496680f32a7ece44a4c
tree 9366b18b7aee40891a2cc5ef92c41d8766177f54 /doc/news
parent d092b0b77701a4c5cd9c8464b774a6a1da1f02cd
3.20161229.1
Diffstat (limited to 'doc/news')
-rw-r--r-- doc/news/version_3.20160506.mdwn | 49
-rw-r--r-- doc/news/version_3.20161229.1.mdwn | 5
2 files changed, 5 insertions, 49 deletions
diff --git a/doc/news/version_3.20160506.mdwn b/doc/news/version_3.20160506.mdwn
deleted file mode 100644
index 6800a3022..000000000
--- a/doc/news/version_3.20160506.mdwn
+++ /dev/null
@@ -1,49 +0,0 @@
-News for ikiwiki 3.20160506:
-
- To mitigate [[!cve CVE-2016-3714]] and similar ImageMagick security vulnerabilities,
- the `\[[!img]]` directive is now restricted to these common web formats by
- default:
-
- * JPEG (`.jpg`, `.jpeg`)
- * PNG (`.png`)
- * GIF (`.gif`)
- * SVG (`.svg`)
-
- (In particular, by default resizing PDF files is no longer allowed.)
-
- Additionally, resized SVG files are displayed in the browser as SVG
- instead of being converted to PNG.
-
- If all users who can attach images are fully trusted, this restriction
- can be removed with the new img\_allowed\_formats setup option.
- See [[ikiwiki/directive/img]] for more details.
-
-ikiwiki 3.20160506 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * [ [[Simon McVittie|smcv]] ]
- * HTML-escape error messages, in one case avoiding potential cross-site
- scripting ([[!cve CVE-2016-4561]], OVE-20160505-0012)
- * Mitigate ImageMagick vulnerabilities such as CVE-2016-3714:
- - img: force common Web formats to be interpreted according to extension,
- so that "allowed\_attachments: '*.jpg'" does what one might expect
- - img: restrict to JPEG, PNG and GIF images by default, again mitigating
- CVE-2016-3714 and similar vulnerabilities
- - img: check that the magic number matches what we would expect from
- the extension before giving common formats to ImageMagick
- * d/control: use https for Homepage
- * d/control: add Vcs-Browser
- * [ [[Joey Hess|joey]] ]
- * img: Add back support for SVG images, bypassing ImageMagick and
- simply passing the SVG through to the browser, which is supported by all
- commonly used browsers these days.
- SVG scaling by img directives has subtly changed; where before
- size=wxh would preserve aspect ratio, this cannot be done when passing
- them through and so specifying both a width and height can change
- the SVG's aspect ratio.
- * loginselector: When only openid and emailauth are enabled, but
- passwordauth is not, avoid showing a "Other" box which opens an
- empty form.
- * [ [[Amitai Schlair|schmonz]] ]
- * mdwn: Process .md like .mdwn, but disallow web creation.
- * [ Florian Wagner ]
- * git: Correctly handle filenames starting with a dash in add/rm/mv."""]]
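Review bot: the upgrade notice in the first lines of the deleted version_3.20160506.mdwn (img restricted by default to JPEG, PNG, GIF and SVG, with img\_allowed\_formats as the opt-out for fully trusted uploaders) is not carried into version_3.20161229.1.mdwn, so the replacement news entry gives an upgrading admin no hint of that security default. Before dropping the file, confirm the same statement is still present at the [[ikiwiki/directive/img]] page the notice links to, or keep a one-line pointer to it in the new entry. The same applies to the CVE-2016-4561 HTML-escaping entry, which is only recorded here in the removed changelog text.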
diff --git a/doc/news/version_3.20161229.1.mdwn b/doc/news/version_3.20161229.1.mdwn
new file mode 100644
index 000000000..a09a3b2ac
--- /dev/null
+++ b/doc/news/version_3.20161229.1.mdwn
@@ -0,0 +1,5 @@
+ikiwiki 3.20161229.1 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * git: Attribute reverts to the user doing the revert, not the wiki
+ itself.
+ * git: Do not disable the commit hook while preparing a revert."""]] \ No newline at end of file
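Review bot: the new file ends without a trailing newline (the "\ No newline at end of file" marker follows the closing `"""]]`); add one so later appends and diffs against this file stay clean. The two git entries also do not say whether the revert changes have any security impact; the removed 3.20160506 entries tagged such fixes inline with `[[!cve ...]]`, so if "Do not disable the commit hook while preparing a revert" closes a check that could previously be skipped, say so and reference the identifier in the same way.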