Fossil SCM
Update to the change log
Commit
1042d645388bbfc71cd937c1fdbfe8b9777d2c686c592b9d43b422252021f905
Parent
dc45faa3b77789a…
1 file changed
+18
-5
| --- www/changes.wiki | ||
| +++ www/changes.wiki | ||
| @@ -5,20 +5,33 @@ | ||
| 5 | 5 | additional defenses built into Fossil, as well as good luck, this injection |
| 6 | 6 | is not exploitable for either data exfiltration or privilege escalation. The |
| 7 | 7 | only possible result of invoking the injection is a harmless SQL syntax error. |
| 8 | 8 | (The [https://en.wikipedia.org/wiki/Swiss_cheese_model|holes in the Swiss cheese] |
| 9 | 9 | did not line up!) |
| 10 | - <li> Enhance the chng= query parameter on the [/help?cmd=/timeline|timeline page] | |
| 11 | - so that it works with other query parameters like p=, d=, from=, and to=. | |
| 12 | - <li> Always include nodes identify by sel1= and sel2= in the /timeline display. | |
| 10 | + <li> Strengthen robot defenses to help prevent public-facing servers from being | |
| 11 | + overwhelmed by the latest generation of AI spiders. | |
| 12 | + <ol type="a"> | |
| 13 | + <li> New javascript captcha used to restrict access by user "nobody" to pages | |
| 14 | + listed in the [/help?cmd=robot-restrict|robot-restrict setting]. | |
| 15 | + <li> The [/help?cmd=robot-exception|robot-exception setting] is available to allow | |
| 16 | + access to pages that match a regular expression. Use this, for example, to | |
| 17 | + allow curl scripts and similar to download release tarballs. | |
| 18 | + <li> Require at least an anonymous login to access the /blame page and similar. | |
| 19 | + </ol> | |
| 20 | + <li> [/help?cmd=/timeline|Timeline] enhancements: | |
| 21 | + <ol type="a"> | |
| 22 | + <li> The chng= query parameter on the [/help?cmd=/timeline|timeline page] | |
| 23 | + so that it works with other query parameters like p=, d=, from=, and to=. | |
| 24 | + <li> Always include nodes identify by sel1= and sel2= in the /timeline display. | |
| 25 | + <li> Improved title when p= and d= are different. | |
| 26 | + </ol> | |
| 13 | 27 | <li> Enable the --editor option on the [/help?cmd=amend|fossil amend] command. |
| 14 | - <li> Require at least an anonymous login to access the /blame page and similar, | |
| 15 | - to help prevent robots from soaking up excess CPU time on such pages. | |
| 16 | 28 | <li> When walking the filesystem looking for Fossil repositories, avoid descending |
| 17 | 29 | into directories named "/proc". |
| 18 | 30 | <li> Reduce memory requirements for sending authenticated sync protocol |
| 19 | 31 | messages. |
| 32 | + <li> Show numstat-style change statistics in the /info and /ckout pages. | |
| 20 | 33 | <li> Add the [/help?cmd=stash | stash rename] subcommand. |
| 21 | 34 | </ol> |
| 22 | 35 | |
| 23 | 36 | <h2 id='v2_26'>Changes for version 2.26 (2025-04-30)</h2><ol> |
| 24 | 37 | <li>Enhancements to [/help?cmd=diff|fossil diff] and similar: |
| 25 | 38 |
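Review bot: The first Timeline sub-item (new lines 22-23) lost its verb when "Enhance" was dropped in the move under "Timeline enhancements:", so "The chng= query parameter on the timeline page so that it works with other query parameters" is now a sentence fragment; suggest "The chng= query parameter now works with other query parameters like p=, d=, from=, and to=." The moved line 24 also carries over the typo "nodes identify by", which should read "identified by". In the robot-exception item (new lines 15-17), it would help to state what the regular expression is matched against, since that determines how broadly a pattern allows access on a server that otherwise restricts user "nobody".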
| --- www/changes.wiki | |
| +++ www/changes.wiki | |
| @@ -5,20 +5,33 @@ | |
| 5 | additional defenses built into Fossil, as well as good luck, this injection |
| 6 | is not exploitable for either data exfiltration or privilege escalation. The |
| 7 | only possible result of invoking the injection is a harmless SQL syntax error. |
| 8 | (The [https://en.wikipedia.org/wiki/Swiss_cheese_model|holes in the Swiss cheese] |
| 9 | did not line up!) |
| 10 | <li> Enhance the chng= query parameter on the [/help?cmd=/timeline|timeline page] |
| 11 | so that it works with other query parameters like p=, d=, from=, and to=. |
| 12 | <li> Always include nodes identify by sel1= and sel2= in the /timeline display. |
| 13 | <li> Enable the --editor option on the [/help?cmd=amend|fossil amend] command. |
| 14 | <li> Require at least an anonymous login to access the /blame page and similar, |
| 15 | to help prevent robots from soaking up excess CPU time on such pages. |
| 16 | <li> When walking the filesystem looking for Fossil repositories, avoid descending |
| 17 | into directories named "/proc". |
| 18 | <li> Reduce memory requirements for sending authenticated sync protocol |
| 19 | messages. |
| 20 | <li> Add the [/help?cmd=stash | stash rename] subcommand. |
| 21 | </ol> |
| 22 | |
| 23 | <h2 id='v2_26'>Changes for version 2.26 (2025-04-30)</h2><ol> |
| 24 | <li>Enhancements to [/help?cmd=diff|fossil diff] and similar: |
| 25 |
| --- www/changes.wiki | |
| +++ www/changes.wiki | |
| @@ -5,20 +5,33 @@ | |
| 5 | additional defenses built into Fossil, as well as good luck, this injection |
| 6 | is not exploitable for either data exfiltration or privilege escalation. The |
| 7 | only possible result of invoking the injection is a harmless SQL syntax error. |
| 8 | (The [https://en.wikipedia.org/wiki/Swiss_cheese_model|holes in the Swiss cheese] |
| 9 | did not line up!) |
| 10 | <li> Strengthen robot defenses to help prevent public-facing servers from being |
| 11 | overwhelmed by the latest generation of AI spiders. |
| 12 | <ol type="a"> |
| 13 | <li> New javascript captcha used to restrict access by user "nobody" to pages |
| 14 | listed in the [/help?cmd=robot-restrict|robot-restrict setting]. |
| 15 | <li> The [/help?cmd=robot-exception|robot-exception setting] is available to allow |
| 16 | access to pages that match a regular expression. Use this, for example, to |
| 17 | allow curl scripts and similar to download release tarballs. |
| 18 | <li> Require at least an anonymous login to access the /blame page and similar. |
| 19 | </ol> |
| 20 | <li> [/help?cmd=/timeline|Timeline] enhancements: |
| 21 | <ol type="a"> |
| 22 | <li> The chng= query parameter on the [/help?cmd=/timeline|timeline page] |
| 23 | so that it works with other query parameters like p=, d=, from=, and to=. |
| 24 | <li> Always include nodes identify by sel1= and sel2= in the /timeline display. |
| 25 | <li> Improved title when p= and d= are different. |
| 26 | </ol> |
| 27 | <li> Enable the --editor option on the [/help?cmd=amend|fossil amend] command. |
| 28 | <li> When walking the filesystem looking for Fossil repositories, avoid descending |
| 29 | into directories named "/proc". |
| 30 | <li> Reduce memory requirements for sending authenticated sync protocol |
| 31 | messages. |
| 32 | <li> Show numstat-style change statistics in the /info and /ckout pages. |
| 33 | <li> Add the [/help?cmd=stash | stash rename] subcommand. |
| 34 | </ol> |
| 35 | |
| 36 | <h2 id='v2_26'>Changes for version 2.26 (2025-04-30)</h2><ol> |
| 37 | <li>Enhancements to [/help?cmd=diff|fossil diff] and similar: |
| 38 |