diff options
-rw-r--r-- | doc/news/version_2.48.mdwn | 27 | ||||
-rw-r--r-- | doc/news/version_2.53.mdwn | 11 |
2 files changed, 11 insertions, 27 deletions
diff --git a/doc/news/version_2.48.mdwn b/doc/news/version_2.48.mdwn deleted file mode 100644 index 76dbd7ddc..000000000 --- a/doc/news/version_2.48.mdwn +++ /dev/null @@ -1,27 +0,0 @@ -**This release fixes an important security hole, upgrade immediately.** - -News for ikiwiki 2.48: - - If you allowed password based logins to your wiki, those passwords were - stored in cleartext in the userdb. To guard against exposing users' - passwords, I recommend you install the [[cpan Authen::Passphrase]] perl module, and - then run `ikiwiki-transition hashpassword /path/to/srcdir` to replace all - existing cleartext passwords with strong (blowfish) hashes. - -ikiwiki 2.48 released with [[toggle text="these changes"]] -[[toggleable text=""" - * Fix security hole that occurred if openid and passwordauth were both - enabled. passwordauth would allow logging in as a known openid, with an - empty password. Closes: #[483770](http://bugs.debian.org/483770) - (CVE-2008-0169) - * Add rel=nofollow to edit links. This may prevent some spiders from - pounding on the cgi following edit links. - * passwordauth: If Authen::Passphrase is installed, use it to store - password hashes, crypted with Eksblowfish. - * `ikiwiki-transiition hashpassword /path/to/srcdir` can be used to - hash existing plaintext passwords. - * Passwords will no longer be mailed, but instead a password reset link. - * The password\_cost config setting is provided as a "more security" knob. - * teximg: Fix logurl. - * teximg: If the log isn't written, avoid ugly error messages. - * Updated French translation. Closes: #[478530](http://bugs.debian.org/478530)"""]] diff --git a/doc/news/version_2.53.mdwn b/doc/news/version_2.53.mdwn new file mode 100644 index 000000000..889547ca2 --- /dev/null +++ b/doc/news/version_2.53.mdwn @@ -0,0 +1,11 @@ +ikiwiki 2.53 released with [[toggle text="these changes"]] +[[toggleable text=""" + * search: generate configuration files once only when rebuilding + (Gabriel McManus) + * attachment: Fix an uninitialised value warning when editing a page + that currently has no attachments. + * Fix a bug with links to pages whose names contained colons. + * attachment: Support old versions of CGI.pm that lack an upload method. + * Include ikiwiki.setup in examples in the debian package. + * attachment: Support perl 5.8's buggy version of CGI.pm. + * otl: Support utf-8 files. (Recai Oktaş)"""]]
\ No newline at end of file |