diff docs/CHANGES @ 5821:99e2309a7ec0

xslt/4suite insecurity hint, always keep allow_xslt = False
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Tue, 24 Jan 2012 17:04:29 +0100
parents d8ac2a401f8f
children 7cead19b1014
line wrap: on
line diff
--- a/docs/CHANGES	Thu Jan 19 16:21:14 2012 +0100
+++ b/docs/CHANGES	Tue Jan 24 17:04:29 2012 +0100
@@ -18,6 +18,10 @@
 
 Version 1.9.4:
 
+  SECURITY HINT: make sure you have allow_xslt = False (or just do not use
+  allow_xslt at all in your wiki configs, False is the internal default).
+  Allowing XSLT/4suite is very dangerous, see HelpOnConfiguration wiki page.
+
   HINT: Python >= 2.5 is maybe required!
   To use all the code that is bundled in the MoinMoin download release,
   you are required to have Python >= 2.5 now. This is primarily due to