X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/b0a7b2f3d7e62d35668a42dab2256505e68515f1..28aba38ed97fc779ce1c4139549e05b8336beaef:/debian/changelog?ds=sidebyside

diff --git a/debian/changelog b/debian/changelog
index 16c5fa65c..579e5f6c3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,23 +1,46 @@
-ikiwiki (2.48) UNRELEASED; urgency=low
+ikiwiki (2.50) UNRELEASED; urgency=low
 
+  * img: Support captions.
+  * img: Don't generate empty title attributes, etc.
+  * img: Allow setting defaults for class and id too.
+
+ -- Joey Hess <joeyh@debian.org>  Sat, 07 Jun 2008 23:04:00 -0400
+
+ikiwiki (2.49) unstable; urgency=low
+
+  * haiku: Generate valid xhtml.
+  * ikiwiki-mass-rebuild: Don't trust $! when setting $)
+  * inline: The optimisation in 2.41 broke nested inlines. Detect those
+    and avoid overoptimising.
+  * search: Converted to use xapian-omega.
+  * Filter hooks are no longer called during the scan phase. This will
+    prevent wikilinks added by filters from being scanned properly. But
+    no known filter hook does that, so let's not waste time on it.
+  * Pass a destpage parameter to the sanitize hook.
+  * The search interface now allows searching for a page by title
+    ("title:foo"), as well as for pages that contain a given link
+    ("link:bar").
+
+ -- Joey Hess <joeyh@debian.org>  Sat, 07 Jun 2008 15:22:41 -0400
+
+ikiwiki (2.48) unstable; urgency=high
+
+  * Fix security hole that occurred if openid and passwordauth were both
+    enabled. passwordauth would allow logging in as a known openid, with an
+    empty password. Closes: #483770 (CVE-2008-0169)
   * Add rel=nofollow to edit links. This may prevent some spiders from
     pounding on the cgi following edit links.
-  * When calling decode_utf8 on known-problimatic content in aggregate,
-    explicitly pass 0 (FB_DEFAULT) as the second parameter. Apparently perl
-    5.8 needs this to avoid crashing on malformed utf-8, despite its docs
-    saying it is the default.
   * passwordauth: If Authen::Passphrase is installed, use it to store
     password hashes, crypted with Eksblowfish.
-  * Existing cleartext passwords in the userdb will be automatically hashed
-    (if Authen::Passphrase is installed) the next time a user logs in.
-    Or `ikiwiki-transition hashpassword /path/to/srcdir` can be used to force
-    a conversion.
-  * Passwords will no longer be mailed, but instead a password reset link
-    mailed.
+  * `ikiwiki-transiition hashpassword /path/to/srcdir` can be used to
+    hash existing plaintext passwords.
+  * Passwords will no longer be mailed, but instead a password reset link.
   * The password_cost config setting is provided as a "more security" knob.
   * teximg: Fix logurl.
+  * teximg: If the log isn't written, avoid ugly error messages.
+  * Updated French translation. Closes: #478530
 
- -- Joey Hess <joeyh@debian.org>  Wed, 28 May 2008 03:07:37 -0400
+ -- Joey Hess <joeyh@debian.org>  Fri, 30 May 2008 17:36:07 -0400
 
 ikiwiki (2.47) unstable; urgency=low