-ikiwiki (1.46) UNRELEASED; urgency=low
+ikiwiki (1.47) unstable; urgency=low
+
+ * Fix a security hole that allowed insertion of unsafe content via the meta
+ plugins's support for inserting html link and meta tags. Now such content
+ is passed through the htmlscrubber like everything else.
+ * Unfortunatly, that means that some valid uses of those tags are no longer
+ usable, and special case methods needed to be added for including
+ stylesheets, and for doing openid delegation. If you use either of these
+ in your wiki, it will need to be modified. See the meta plugin docs
+ for details.
+
+ -- Joey Hess <joeyh@debian.org> Wed, 21 Mar 2007 14:05:00 -0400
+
+ikiwiki (1.46) unstable; urgency=low
* Fix a bug with inlined create page links, including Discussion links on
blog post pages. The links will now create pages relative to the page that
actually contains the link.
* French update. Closes: #414597
-
- -- Joey Hess <joeyh@debian.org> Mon, 12 Mar 2007 15:52:33 -0400
+ * Fix some broken logic in cgi creation of a subpage when a toplevel page
+ with the same name already exists, and generally simplify the edit code.
+ * Make ikiwiki -verbose -setup with a setup file that enabled syslog logging
+ output the verbose build log to stdout, rather than to the syslog.
+ * Detect the case of two people independently creating the same page at the
+ same time, and let the second person resolve the conflict.
+ * Applied a patch from MichaĆ to make the mercurial backend pass --quiet to
+ hg.
+ * Fix a security hole that allowed a web user to insert arbitrary html in
+ the title of a page due to missing escaping of titles in the meta plugin.
+
+ -- Joey Hess <joeyh@debian.org> Wed, 21 Mar 2007 01:51:30 -0400
ikiwiki (1.45) unstable; urgency=low
sipb-www / ikiwiki.git / blobdiff