X-Git-Url: https://git.deb.at/?p=pkg%2Fblosxom.git;a=blobdiff_plain;f=ChangeLog;h=f2650e46b71b46b947952e5d4bb1da7877eb9ed8;hp=4d7e9830f1b99862721481b466b0ce7c70bbabc7;hb=7db2f2c32bcbdf67b4f3220d69ef015384d69815;hpb=78104789ca97d102152d88b983af4f9c709c0247 diff --git a/ChangeLog b/ChangeLog index 4d7e983..f2650e4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,30 @@ +v2.1.2 + * Fix XSS in $flavour (CVE-2008-2236). Thanks to Yoshinori Ohta of + Business Architects Inc. for making us aware of this issue. + v2.1.1 + * The "never trust a dot zero release" bugfix release for 2.1.0. * Added CVS Id keyword to file header. + * Declaring $encode_xml_entities as a config option by moving it into + the config section -- no functionality change. + * Changing isPermalink back to "false" for the default RSS story + template because it won't be a working link in many situations. + This won't change the GUID, but don't let it be used as + anymore. That's what the tag is for anyway. Thanks to Lilo + von Hanffstengel for pointing this out. + * Rewrote the (at least with Apache 2.2's environment) no more working + manual base URL detection code. Made it simpler, easier to + understand and let it only apply, if the base URL was not set + manually. The concept since 2.0.2 was: Always ask for the whole URI + and then remove the PATH_INFO in some cases again. This caused some + havoc. New concept is: Strip PATH_INFO from base URL if CGI.pm + didn't manage to do it. In those rare cases where neither CGI.pm nor + Blosxom manages to correctly determine the base URL, you can easily + set $url in the config file to the correct value and no base URL + magic happens anymore (except the removing of a trailing slash if + present -- as before). Closes: #2032685 + * Added a lot of comments explaining the fixed problems and the + remaining seldom cases where manual configuration is necessary. v2.1.0 * unescape url returned from CGI.pm to match PATH_INFO escaping
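Review bot: In the new v2.1.2 entry, "Fix XSS in $flavour (CVE-2008-2236)" does not say which releases are affected or what changed in the handling of $flavour, so someone reading the ChangeLog cannot tell whether their installed version needs the update or whether local configuration or templates need any change; suggest adding one line that names the affected versions and the nature of the fix. In the v2.1.1 isPermalink entry, "don't let it be used as anymore. That's what the tag is for anyway." reads as if the element names are missing after "used as" and before "tag"; spell them out so the entry is unambiguous. Minor wording point in the base URL entry: "no more working manual base URL detection code" would read better as "no longer working".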