blob: aa3218581cca4b548a89af27401c9303f9bd3e30 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
This is a security fix release, upgrade is recommended.
News for ikiwiki 2.14:
This version of ikiwiki is more picky about symlinks in the path leading
to the srcdir, and will refuse to use a srcdir specified by such a path.
This was necessary to avoid some potential exploits, but could potentially
break (semi-)working wikis. If your wiki has a srcdir path containing a
symlink, you should change it to use a path that does not.
ikiwiki 2.14 released with [[toggle text="these changes"]]
[[toggleable text="""
* Let CC be used to control what compiler is used to build wrappers.
* Use 'cc' instead of gcc as the default compiler.
* Security fix: Ensure that there are no symlinks anywhere in the path
to the top of the srcdir. In certian unusual configurations, an attacker
who could commit to one of the parent directories of the srcdir could
use a symlink attack to cause ikiwiki to publish files elsewhere in the
filesystem. More details [[here|security#index29h2]]
"""]]
|