From c8b4ba354f82fbbcebbbfca65b40a047f9920525 Mon Sep 17 00:00:00 2001
From: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Date: Wed, 21 Mar 2007 18:52:56 +0000
Subject: * Fix a security hole that allowed insertion of unsafe content via
 the meta   plugins's support for inserting html link and meta tags. Now such
 content   is passed through the htmlscrubber like everything else. *
 Unfortunatly, that means that some valid uses of those tags are no longer  
 usable, and special case methods needed to be added for including  
 stylesheets, and for doing openid delegation. If you use either of these   in
 your wiki, it will need to be modified. See the meta plugin docs   for
 details.

---
 debian/NEWS | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'debian/NEWS')

diff --git a/debian/NEWS b/debian/NEWS
index 69cbbbd88..9ee20b00a 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,13 @@
+ikiwiki (1.47) unstable; urgency=low
+ 
+  Due to a security fix, wikis that have the htmlscrubber enabled can no
+  longer use the meta plugin to insert html link and meta tags.
+
+  Some special case methods have been added for safely including stylesheets,
+  and for doing openid delegation. See the meta plugin docs for details.
+ 
+ -- Joey Hess <joeyh@debian.org>  Wed, 21 Mar 2007 14:18:40 -0400
+
 ikiwiki (1.45) unstable; urgency=low
 
   Wikis need to be rebuilt on upgrade to this version. If you listed your wiki
-- 
cgit v1.2.3