2 files changed, 23 insertions, 0 deletions

diff --git a/debian/NEWS b/debian/NEWS
index 69cbbbd88..9ee20b00a 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,13 @@
+ikiwiki (1.47) unstable; urgency=low
+ 
+  Due to a security fix, wikis that have the htmlscrubber enabled can no
+  longer use the meta plugin to insert html link and meta tags.
+
+  Some special case methods have been added for safely including stylesheets,
+  and for doing openid delegation. See the meta plugin docs for details.
+ 
+ -- Joey Hess <joeyh@debian.org>  Wed, 21 Mar 2007 14:18:40 -0400
+
 ikiwiki (1.45) unstable; urgency=low
 
   Wikis need to be rebuilt on upgrade to this version. If you listed your wiki
diff --git a/debian/changelog b/debian/changelog
index 976143aee..42b23945a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+ikiwiki (1.47) UNRELEASED; urgency=low
+
+  * Fix a security hole that allowed insertion of unsafe content via the meta
+    plugins's support for inserting html link and meta tags. Now such content
+    is passed through the htmlscrubber like everything else.
+  * Unfortunatly, that means that some valid uses of those tags are no longer
+    usable, and special case methods needed to be added for including
+    stylesheets, and for doing openid delegation. If you use either of these
+    in your wiki, it will need to be modified. See the meta plugin docs
+    for details.
+
+ -- Joey Hess <joeyh@debian.org>  Wed, 21 Mar 2007 14:05:00 -0400
+
 ikiwiki (1.46) unstable; urgency=low
 
   * Fix a bug with inlined create page links, including Discussion links on