sbrl-github/Pepperminty-Wiki
sbrl-github/Pepperminty-Wiki
1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-06-01 22:03:02 +00:00
Code Activity

Update Changelog

Browse source
This commit is contained in:
Starbeamrainbowlabs 2021-09-03 02:25:58 +01:00
parent 8e4afbc31c
commit 51475b41b1
Signed by: sbrl
GPG key ID: 1BE5172E637709C2
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Changelog.md
View file

@ -24,7 +24,7 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
## Fixed
- [security] Fixed some potential XSS attacks in the page editor
- [security] Fix stored XSS attack in the wiki name via the first run wizard [CVE-2021-38600](https://github.com/hmaverickadams/CVE-2021-38600); low severity since it requires the site secret to do the initial setup & said initial setup can only be performed once
- [security] Fix reflected XSS attack (arbitrary code execution in the user's browser) via the many different GET parameters
- [security] Fix reflected XSS attacks (arbitrary code execution in the user's browser due to unsanitized data) via the many different GET parameters in many different modules
- [security] Automatically run page titles through `htmlentities()`
- Fixed a weird bug in the `stats-update` action causing warnings
- search: Properly apply weightings of matches in page titles and tags