Fossil SCM
Updates to the change log.
Commit
13919ef8fcddd93bd7eaeabdb5c079c8477807f7d125684b6bf6415055ae5645
Parent
d20ead10c34909d…
1 file changed
+12
-1
+12
-1
| --- www/changes.wiki | ||
| +++ www/changes.wiki | ||
| @@ -18,17 +18,28 @@ | ||
| 18 | 18 | * Add an option on the /Admin/Timeline setup page to set a default |
| 19 | 19 | timeline style other than "Modern". |
| 20 | 20 | * In [./embeddeddoc.wiki|embedded documentation], hyperlink URLs |
| 21 | 21 | of the form "/doc/$CURRENT/..." the "$CURRENT" text is translated |
| 22 | 22 | into the check-in hash for the document currently being viewed. |
| 23 | - * Proactive security: Fossil now assumes that the schema of every | |
| 23 | + * Security: Fossil now assumes that the schema of every | |
| 24 | 24 | database it opens has been tampered with by an adversary and takes |
| 25 | 25 | extra precautions to ensure that such tampering is harmless. |
| 26 | + * Security: Fossil now puts the Content-Security-Policy in the | |
| 27 | + HTTP reply header, in addition to also leaving it in the | |
| 28 | + HTML <head> section, so that it is always available, if | |
| 29 | + if a custom skin overrides the HTML <head> and omits | |
| 30 | + the CSP in the process. | |
| 31 | + * The Content-Security-Policy is now set using the | |
| 32 | + [/help?cmd=default-csp|default-csp setting]. | |
| 26 | 33 | * Merge conflicts caused via the [/help?cmd=merge|merge] and |
| 27 | 34 | [/help?cmd=update|update] commands no longer leave temporary |
| 28 | 35 | files behind unless the new <tt>--keep-merge-file</tt> flag |
| 29 | 36 | is used. |
| 37 | + * The [/help?cmd=/artifact_stats|/artifact_stats page] is now accessible | |
| 38 | + to all users if the new "artifact_stats_enable" setting is turned | |
| 39 | + on. There is a new checkbox under the /Admin/Access menu to turn | |
| 40 | + that capability on and off. | |
| 30 | 41 | * Bug fix: the "fossil git export" command is now working on Windows |
| 31 | 42 | * Bug fix: display Technote items on the timeline correctly |
| 32 | 43 | * Bug fix: fix the capability summary matrix of the Security Audit |
| 33 | 44 | page so that it does not add "anonymous" capabilities to the |
| 34 | 45 | "nobody" user. |
| 35 | 46 |
| --- www/changes.wiki | |
| +++ www/changes.wiki | |
| @@ -18,17 +18,28 @@ | |
| 18 | * Add an option on the /Admin/Timeline setup page to set a default |
| 19 | timeline style other than "Modern". |
| 20 | * In [./embeddeddoc.wiki|embedded documentation], hyperlink URLs |
| 21 | of the form "/doc/$CURRENT/..." the "$CURRENT" text is translated |
| 22 | into the check-in hash for the document currently being viewed. |
| 23 | * Proactive security: Fossil now assumes that the schema of every |
| 24 | database it opens has been tampered with by an adversary and takes |
| 25 | extra precautions to ensure that such tampering is harmless. |
| 26 | * Merge conflicts caused via the [/help?cmd=merge|merge] and |
| 27 | [/help?cmd=update|update] commands no longer leave temporary |
| 28 | files behind unless the new <tt>--keep-merge-file</tt> flag |
| 29 | is used. |
| 30 | * Bug fix: the "fossil git export" command is now working on Windows |
| 31 | * Bug fix: display Technote items on the timeline correctly |
| 32 | * Bug fix: fix the capability summary matrix of the Security Audit |
| 33 | page so that it does not add "anonymous" capabilities to the |
| 34 | "nobody" user. |
| 35 |
| --- www/changes.wiki | |
| +++ www/changes.wiki | |
| @@ -18,17 +18,28 @@ | |
| 18 | * Add an option on the /Admin/Timeline setup page to set a default |
| 19 | timeline style other than "Modern". |
| 20 | * In [./embeddeddoc.wiki|embedded documentation], hyperlink URLs |
| 21 | of the form "/doc/$CURRENT/..." the "$CURRENT" text is translated |
| 22 | into the check-in hash for the document currently being viewed. |
| 23 | * Security: Fossil now assumes that the schema of every |
| 24 | database it opens has been tampered with by an adversary and takes |
| 25 | extra precautions to ensure that such tampering is harmless. |
| 26 | * Security: Fossil now puts the Content-Security-Policy in the |
| 27 | HTTP reply header, in addition to also leaving it in the |
| 28 | HTML <head> section, so that it is always available, if |
| 29 | if a custom skin overrides the HTML <head> and omits |
| 30 | the CSP in the process. |
| 31 | * The Content-Security-Policy is now set using the |
| 32 | [/help?cmd=default-csp|default-csp setting]. |
| 33 | * Merge conflicts caused via the [/help?cmd=merge|merge] and |
| 34 | [/help?cmd=update|update] commands no longer leave temporary |
| 35 | files behind unless the new <tt>--keep-merge-file</tt> flag |
| 36 | is used. |
| 37 | * The [/help?cmd=/artifact_stats|/artifact_stats page] is now accessible |
| 38 | to all users if the new "artifact_stats_enable" setting is turned |
| 39 | on. There is a new checkbox under the /Admin/Access menu to turn |
| 40 | that capability on and off. |
| 41 | * Bug fix: the "fossil git export" command is now working on Windows |
| 42 | * Bug fix: display Technote items on the timeline correctly |
| 43 | * Bug fix: fix the capability summary matrix of the Security Audit |
| 44 | page so that it does not add "anonymous" capabilities to the |
| 45 | "nobody" user. |
| 46 |