aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/news/version_2.31.1.mdwn4
-rw-r--r--doc/news/version_2.42.mdwn8
2 files changed, 8 insertions, 4 deletions
diff --git a/doc/news/version_2.31.1.mdwn b/doc/news/version_2.31.1.mdwn
deleted file mode 100644
index 131194372..000000000
--- a/doc/news/version_2.31.1.mdwn
+++ /dev/null
@@ -1,4 +0,0 @@
-ikiwiki 2.31.1 released with [[toggle text="these changes"]]
-[[toggleable text="""
- * htmlscrubber security fix: Block javascript in uris.
- * Add htmlscrubber test suite."""]]
diff --git a/doc/news/version_2.42.mdwn b/doc/news/version_2.42.mdwn
new file mode 100644
index 000000000..cb7ebf5d6
--- /dev/null
+++ b/doc/news/version_2.42.mdwn
@@ -0,0 +1,8 @@
+ikiwiki 2.42 released with [[toggle text="these changes"]]
+[[toggleable text="""
+ * aggregate: Correct a mistake in the code that dummy up a guid for feeds
+ lacking one.
+ * inline: Correct handling of urls relative to baseurl in feeds.
+ * Fix CSRF attacks against the preferences and edit forms. The fix involved
+ embedding the session id in the forms, and not allowing the forms to be
+ submitted if the embedded id does not match the session id. Closes: #[475445](http://bugs.debian.org/475445)"""]] \ No newline at end of file