Fossil SCM
Update the change log.
Commit
3a0dfc892071357d96dbeabc46aef28e6f73e1a5e6b9afabee7746acf35a1490
Parent
9642cde38468682…
1 file changed
+2
-2
| --- www/changes.wiki | ||
| +++ www/changes.wiki | ||
| @@ -1,14 +1,14 @@ | ||
| 1 | 1 | <title>Change Log</title> |
| 2 | 2 | |
| 3 | 3 | <h2 id='v2_27'>Changes for version 2.27 (pending)</h2><ol> |
| 4 | + <li> Close a potential Denial-of-Service attack against any public-facing Fossil | |
| 5 | + server involving exponential behavior in Fossil's regexp implementation. | |
| 4 | 6 | <li> Fix a SQL injection on the [/help?cmd=/file|/file page]. Thanks to |
| 5 | 7 | additional defenses built into Fossil, as well as good luck, this injection |
| 6 | 8 | is not exploitable for either data exfiltration or privilege escalation. The |
| 7 | 9 | only possible result of invoking the injection is a harmless SQL syntax error. |
| 8 | - (The [https://en.wikipedia.org/wiki/Swiss_cheese_model|holes in the Swiss cheese] | |
| 9 | - did not line up!) | |
| 10 | 10 | <li> Strengthen robot defenses to help prevent public-facing servers from being |
| 11 | 11 | overwhelmed by the latest generation of AI spiders. |
| 12 | 12 | <ol type="a"> |
| 13 | 13 | <li> New javascript captcha used to restrict access by user "nobody" to pages |
| 14 | 14 | listed in the [/help?cmd=robot-restrict|robot-restrict setting]. |
| 15 | 15 |
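Review bot: The new entry at new lines 4-5 gives an operator nothing to act on beyond "upgrade": unlike the adjacent entries, which link to [/help?cmd=/file|/file page] and [/help?cmd=robot-restrict|robot-restrict setting], it names neither the page or setting through which input reaches the regexp implementation nor the check-in that closes the issue. Consider adding such a link so administrators of public-facing servers can judge their exposure. Separately, the removal of the Swiss cheese parenthetical (old lines 8-9) is unrelated to the DoS entry and is not mentioned in the commit message "Update the change log."; the SQL injection entry still says "as well as good luck", so it is worth confirming that the remaining wording is what is intended.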
| --- www/changes.wiki | |
| +++ www/changes.wiki | |
| @@ -1,14 +1,14 @@ | |
| 1 | <title>Change Log</title> |
| 2 | |
| 3 | <h2 id='v2_27'>Changes for version 2.27 (pending)</h2><ol> |
| 4 | <li> Fix a SQL injection on the [/help?cmd=/file|/file page]. Thanks to |
| 5 | additional defenses built into Fossil, as well as good luck, this injection |
| 6 | is not exploitable for either data exfiltration or privilege escalation. The |
| 7 | only possible result of invoking the injection is a harmless SQL syntax error. |
| 8 | (The [https://en.wikipedia.org/wiki/Swiss_cheese_model|holes in the Swiss cheese] |
| 9 | did not line up!) |
| 10 | <li> Strengthen robot defenses to help prevent public-facing servers from being |
| 11 | overwhelmed by the latest generation of AI spiders. |
| 12 | <ol type="a"> |
| 13 | <li> New javascript captcha used to restrict access by user "nobody" to pages |
| 14 | listed in the [/help?cmd=robot-restrict|robot-restrict setting]. |
| 15 |
| --- www/changes.wiki | |
| +++ www/changes.wiki | |
| @@ -1,14 +1,14 @@ | |
| 1 | <title>Change Log</title> |
| 2 | |
| 3 | <h2 id='v2_27'>Changes for version 2.27 (pending)</h2><ol> |
| 4 | <li> Close a potential Denial-of-Service attack against any public-facing Fossil |
| 5 | server involving exponential behavior in Fossil's regexp implementation. |
| 6 | <li> Fix a SQL injection on the [/help?cmd=/file|/file page]. Thanks to |
| 7 | additional defenses built into Fossil, as well as good luck, this injection |
| 8 | is not exploitable for either data exfiltration or privilege escalation. The |
| 9 | only possible result of invoking the injection is a harmless SQL syntax error. |
| 10 | <li> Strengthen robot defenses to help prevent public-facing servers from being |
| 11 | overwhelmed by the latest generation of AI spiders. |
| 12 | <ol type="a"> |
| 13 | <li> New javascript captcha used to restrict access by user "nobody" to pages |
| 14 | listed in the [/help?cmd=robot-restrict|robot-restrict setting]. |
| 15 |