1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-22 04:23:01 +00:00

Update changelog

This commit is contained in:
Starbeamrainbowlabs 2021-09-02 21:22:03 +01:00
parent dfe76d1d9b
commit 4fdbd9a427
Signed by: sbrl
GPG key ID: 1BE5172E637709C2

View file

@ -22,7 +22,9 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
## Fixed ## Fixed
- [security] Fixed some potential XSS attacks in the page editor - [security] Fixed some potential XSS attacks in the page editor
- [security] Fix stored XSS attack in the wiki name via the first run wizard [CVE-2021-38600](https://github.com/hmaverickadams/CVE-2021-38600); low severity since it requires the site secret to do the initial setup & said initial setup can only be performed once - [security] Fix stored XSS attack in the wiki name via the first run wizard [CVE-2021-38600](https://github.com/hmaverickadams/CVE-2021-38600); low severity since it requires the site secret to do the initial setup & said initial setup can only be performed once
- [security] Fix reflected XSS attack (arbitrary code execution in the user's browser) via the `action` & `action=watchlist&return=blah` GET parameters. - [security] Fix reflected XSS attack (arbitrary code execution in the user's browser) via the following GET parameters
- `action`
- `action=watchlist`: `returnto`, `do`
- Fixed a weird bug in the `stats-update` action causing warnings - Fixed a weird bug in the `stats-update` action causing warnings
- search: Properly apply weightings of matches in page titles and tags - search: Properly apply weightings of matches in page titles and tags
- Improved error handling on first run where the PHP Zip extension is not installed - Improved error handling on first run where the PHP Zip extension is not installed