From 341296184dc486f39c3627dbac73f5b4003adbb4 Mon Sep 17 00:00:00 2001
From: Joey Hess <joey@kodama.kitenet.net>
Date: Fri, 30 May 2008 18:22:14 -0400
Subject: [PATCH] add news item for ikiwiki 2.48

---
 doc/news/version_2.43.mdwn |  8 --------
 doc/news/version_2.48.mdwn | 24 ++++++++++++++++++++++++
 2 files changed, 24 insertions(+), 8 deletions(-)
 delete mode 100644 doc/news/version_2.43.mdwn
 create mode 100644 doc/news/version_2.48.mdwn

diff --git a/doc/news/version_2.43.mdwn b/doc/news/version_2.43.mdwn
deleted file mode 100644
index ce75b4c49..000000000
--- a/doc/news/version_2.43.mdwn
+++ /dev/null
@@ -1,8 +0,0 @@
-ikiwiki 2.43 released with [[toggle text="these changes"]]
-[[toggleable text="""
-   * Fix missing import of escapeHTML in userlink. (Scott Bronson)
-   * Fix broken rcs\_update for bzr. (Scott Bronson)
-   * Use bzr --quiet to avoid it outputting stuff and messing up http headers.
-     (Scott Bronson)
-   * Give the full path to the hyperestraier helpfile in estseek.conf.
-   * Recommend a recent git-core for git init. Closes: [475609](http://bugs.debian.org/475609)"""]]
\ No newline at end of file
diff --git a/doc/news/version_2.48.mdwn b/doc/news/version_2.48.mdwn
new file mode 100644
index 000000000..c5e0e830d
--- /dev/null
+++ b/doc/news/version_2.48.mdwn
@@ -0,0 +1,24 @@
+News for ikiwiki 2.48:
+
+   If you allowed password based logins to your wiki, those passwords were
+   stored in cleartext in the userdb. To guard against exposing users'
+   passwords, I recommend you install the Authen::Passphrase perl module, and
+   then run `ikiwiki-transition hashpassword /path/to/srcdir` to replace all
+   existing cleartext passwords with strong (blowfish) hashes.
+
+ikiwiki 2.48 released with [[toggle text="these changes"]]
+[[toggleable text="""
+   * Fix security hole that occurred if openid and passwordauth were both
+     enabled. passwordauth would allow logging in as a known openid, with an
+     empty password. Closes: #[483770](http://bugs.debian.org/483770)
+   * Add rel=nofollow to edit links. This may prevent some spiders from
+     pounding on the cgi following edit links.
+   * passwordauth: If Authen::Passphrase is installed, use it to store
+     password hashes, crypted with Eksblowfish.
+   * `ikiwiki-transiition hashpassword /path/to/srcdir` can be used to
+     hash existing plaintext passwords.
+   * Passwords will no longer be mailed, but instead a password reset link.
+   * The password\_cost config setting is provided as a "more security" knob.
+   * teximg: Fix logurl.
+   * teximg: If the log isn't written, avoid ugly error messages.
+   * Updated French translation. Closes: #[478530](http://bugs.debian.org/478530)"""]]
\ No newline at end of file
-- 
2.45.0