X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/b154c971a972cd76bb9d70c6afc77fe03de77b40..1ecd251ffa28f851273654599f2d05c4bd552e16:/debian/changelog diff --git a/debian/changelog b/debian/changelog index 331a233fe..8ad4ab502 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,11 +1,34 @@ -ikiwiki (1.46) UNRELEASED; urgency=low +ikiwiki (1.47) unstable; urgency=low + + * Fix a security hole that allowed insertion of unsafe content via the meta + plugins's support for inserting html link and meta tags. Now such content + is passed through the htmlscrubber like everything else. + * Unfortunatly, that means that some valid uses of those tags are no longer + usable, and special case methods needed to be added for including + stylesheets, and for doing openid delegation. If you use either of these + in your wiki, it will need to be modified. See the meta plugin docs + for details. + + -- Joey Hess Wed, 21 Mar 2007 14:05:00 -0400 + +ikiwiki (1.46) unstable; urgency=low * Fix a bug with inlined create page links, including Discussion links on blog post pages. The links will now create pages relative to the page that actually contains the link. * French update. Closes: #414597 - - -- Joey Hess Mon, 12 Mar 2007 15:52:33 -0400 + * Fix some broken logic in cgi creation of a subpage when a toplevel page + with the same name already exists, and generally simplify the edit code. + * Make ikiwiki -verbose -setup with a setup file that enabled syslog logging + output the verbose build log to stdout, rather than to the syslog. + * Detect the case of two people independently creating the same page at the + same time, and let the second person resolve the conflict. + * Applied a patch from Michał to make the mercurial backend pass --quiet to + hg. + * Fix a security hole that allowed a web user to insert arbitrary html in + the title of a page due to missing escaping of titles in the meta plugin. + + -- Joey Hess Wed, 21 Mar 2007 01:51:30 -0400 ikiwiki (1.45) unstable; urgency=low