summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/changelog4
-rw-r--r--doc/security.mdwn4
2 files changed, 6 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog
index befe1dda4..007842833 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-ikiwiki (1.13) UNRELEASED; urgency=low
+ikiwiki (1.13) unstable; urgency=low
* ikiwiki can now download and aggregate feeds with its new aggregate
plugin, so it's possible to implement a Planet using ikiwiki!
@@ -37,7 +37,7 @@ ikiwiki (1.13) UNRELEASED; urgency=low
Closes: #380680
* Changes to index file encoding.
- -- Joey Hess <joeyh@debian.org> Tue, 1 Aug 2006 16:00:58 -0400
+ -- Joey Hess <joeyh@debian.org> Tue, 1 Aug 2006 21:21:19 -0400
ikiwiki (1.12) unstable; urgency=low
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 4db756e2e..b3b5b6f3e 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -91,6 +91,10 @@ _(AKA, the assumptions that will be the root of most security holes...)_
Someone could add bad content to the wiki and hope to exploit ikiwiki.
Note that ikiwiki runs with perl taint checks on, so this is unlikely.
+One fun thing in ikiwiki is its handling of a PageSpec, which involves
+translating it into perl and running the perl. Of course, this is done
+*very* carefully to guard against injecting arbitrary perl code.
+
## publishing cgi scripts
ikiwiki does not allow cgi scripts to be published as part of the wiki. Or