changeset 6123:8537503261b1

updated CHANGES
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Mon, 31 Oct 2016 20:45:16 +0100
parents 3bddf075fdbd
children cf8f1f2a852e
files docs/CHANGES
diffstat 1 files changed, 14 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/docs/CHANGES	Mon Oct 31 20:34:11 2016 +0100
+++ b/docs/CHANGES	Mon Oct 31 20:45:16 2016 +0100
@@ -16,7 +16,7 @@
     editor_force = True
     editor_default = 'text'  # internal default, just for completeness
 
-Version 1.9.9rc1:
+Version 1.9.9 aka "The undead MoinMoin Halloween Release" 2016-10-31
 
   SECURITY HINT: make sure you have allow_xslt = False (or just do not use
   allow_xslt at all in your wiki configs, False is the internal default).
@@ -25,6 +25,19 @@
   HINT: Python 2.7 is required! See docs/REQUIREMENTS for details.
 
   Fixes:
+  * security: fix XSS in AttachFile view (multifile related) CVE-2016-7148
+  * security: fix XSS in GUI editor's attachment dialogue CVE-2016-7146
+  * security: fix XSS in GUI editor's link dialogue CVE-2016-9119
+  * catch IOError for zipfile errors (sometimes triggered by zipfile.is_zipfile
+    false positives, see http://bugs.python.org/issue28494 ).
+
+  Other changes:
+  * update moin.spec, setup.py: py27 only
+
+
+Version 1.9.9rc1:
+
+  Fixes:
   * add meta "viewport" for small device viewports
   * add meta X-UA-Compatible IE=Edge, make IE happy on intranets