X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/66a65b5ddd8963a66293ac90a01eb40daccaee03..12d947a02f2feacc6524851a40751767f04bb48d:/debian/changelog

diff --git a/debian/changelog b/debian/changelog
index faddbb983..8ad4ab502 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,36 @@
-ikiwiki (1.45) UNRELEASED; urgency=low
+ikiwiki (1.47) unstable; urgency=low
+
+  * Fix a security hole that allowed insertion of unsafe content via the meta
+    plugins's support for inserting html link and meta tags. Now such content
+    is passed through the htmlscrubber like everything else.
+  * Unfortunatly, that means that some valid uses of those tags are no longer
+    usable, and special case methods needed to be added for including
+    stylesheets, and for doing openid delegation. If you use either of these
+    in your wiki, it will need to be modified. See the meta plugin docs
+    for details.
+
+ -- Joey Hess <joeyh@debian.org>  Wed, 21 Mar 2007 14:05:00 -0400
+
+ikiwiki (1.46) unstable; urgency=low
+
+  * Fix a bug with inlined create page links, including Discussion links on
+    blog post pages. The links will now create pages relative to the page that
+    actually contains the link.
+  * French update. Closes: #414597
+  * Fix some broken logic in cgi creation of a subpage when a toplevel page
+    with the same name already exists, and generally simplify the edit code.
+  * Make ikiwiki -verbose -setup with a setup file that enabled syslog logging
+    output the verbose build log to stdout, rather than to the syslog.
+  * Detect the case of two people independently creating the same page at the
+    same time, and let the second person resolve the conflict.
+  * Applied a patch from Michał to make the mercurial backend pass --quiet to
+    hg.
+  * Fix a security hole that allowed a web user to insert arbitrary html in
+    the title of a page due to missing escaping of titles in the meta plugin.
+
+ -- Joey Hess <joeyh@debian.org>  Wed, 21 Mar 2007 01:51:30 -0400
+
+ikiwiki (1.45) unstable; urgency=low
 
   * Allow for underscores to appear in page titles, if encoded appropriately
     (__95__) in filenames. Previously, all underscores were replaced with
@@ -13,6 +45,7 @@ ikiwiki (1.45) UNRELEASED; urgency=low
     image using width and height attributes.
   * Also fixes img preview display, the links were wrong in preview before.
   * Add a sparkline plugin.
+  * Add a postsparkline plugin.
   * The slash escaping when adding to a blog from the CGI was not working
     since it ended up being double-escaped. Instead, just remove slashes.
   * Fix some nasty issues with page name escaping during previewing
@@ -28,7 +61,7 @@ ikiwiki (1.45) UNRELEASED; urgency=low
   * Correct a deadlock that could occur in post-commit if the aggregate plugin
     was enabled and tried to lock the already locked wiki.
 
- -- Joey Hess <joeyh@debian.org>  Thu,  8 Mar 2007 05:57:49 -0500
+ -- Joey Hess <joeyh@debian.org>  Sat, 10 Mar 2007 21:11:05 -0500
 
 ikiwiki (1.44) unstable; urgency=low