Fossil SCM
Update the change log for the TLS security patch.
Commit
3c1a27646cc64edeff298daac3f9771208fd77503e9231d0e5e5831d73bcaa14
Parent
aaab2a15d1dfc22…
1 file changed
+15
-4
+15
-4
| --- www/changes.wiki | ||
| +++ www/changes.wiki | ||
| @@ -1,9 +1,12 @@ | ||
| 1 | 1 | <title>Change Log</title> |
| 2 | 2 | |
| 3 | 3 | <a name='v2_16'></a> |
| 4 | 4 | <h2>Changes for Version 2.16 (pending)</h2> |
| 5 | + * <b>Security:</b> Fix the client-side TLS so that it verifies that the | |
| 6 | + server hostname matches its certificate. <b>Upgrading to | |
| 7 | + the patch is recommended.</b> | |
| 5 | 8 | * The [/brlist|/brlist web page] allows the user to |
| 6 | 9 | select multiple branches to be displayed together in a single |
| 7 | 10 | timeline. |
| 8 | 11 | * The [./forum.wiki|Forum] provides a hyperlink on the author of each |
| 9 | 12 | post that goes to a timeline of recent posts by that same author. |
| @@ -24,13 +27,17 @@ | ||
| 24 | 27 | a specific number of days (ex: 365) after the last user contact with |
| 25 | 28 | the Fossil server |
| 26 | 29 | This can prevents alert emails being sent to |
| 27 | 30 | abandoned email accounts forever. |
| 28 | 31 | |
| 29 | 32 | <a name='v2_15'></a> |
| 30 | -<h2>Changes for Version 2.15 (2021-03-26) and Patch 2.15.1 on (2021-04-07)</h2> | |
| 33 | +<h2>Changes for Version 2.15 (2021-03-26) and Patch 2.15.1 on (2021-04-07) | |
| 34 | + and 2.15.2 on (2021-06-15)</h2> | |
| 35 | + * <b>Patch 2.15.2:</b> Fix the client-side TLS so that it verifies that the | |
| 36 | + server hostname matches its certificate. <b>Upgrading to | |
| 37 | + the patch is recommended.</b> | |
| 31 | 38 | * <b>Patch 2.15.1:</b> Fix a data exfiltration bug in the server. <b>Upgrading to |
| 32 | - the patch is recommended.</b><p> | |
| 39 | + the patch is recommended.</b> | |
| 33 | 40 | * The [./defcsp.md|default CSP] has been relaxed slightly to allow |
| 34 | 41 | images to be loaded from any URL. All other resources are still |
| 35 | 42 | locked down by default. |
| 36 | 43 | * The built-in skins all use the "[/help?cmd=mainmenu|mainmenu]" |
| 37 | 44 | setting to determine the content of the main menu. |
| @@ -105,13 +112,17 @@ | ||
| 105 | 112 | versions of a wiki (by the means of anchoring a "baseline" version) |
| 106 | 113 | and the ability to squeeze several sequential edits made by the same |
| 107 | 114 | user into a single "recycled" row (the latest edit in that sequence). |
| 108 | 115 | |
| 109 | 116 | <a name='v2_14'></a> |
| 110 | -<h2>Changes for Version 2.14 (2021-01-20) and Patch 2.14.1 on (2021-04-07)</h2> | |
| 117 | +<h2>Changes for Version 2.14 (2021-01-20) and Patch 2.14.1 on (2021-04-07) | |
| 118 | + and 2.14.2 on (2021-06-15)</h2> | |
| 119 | + * <b>Patch 2.14.2:</b> Fix the client-side TLS so that it verifies that the | |
| 120 | + server hostname matches its certificate. <b>Upgrading to | |
| 121 | + the patch is recommended.</b>< | |
| 111 | 122 | * <b>Patch 2.14.1:</b> Fix a data exfiltration bug in the server. |
| 112 | - <b>Upgrading to the patch is recommended.</b><p> | |
| 123 | + <b>Upgrading to the patch is recommended.</b> | |
| 113 | 124 | * <b>Schema Update Notice #1:</b> |
| 114 | 125 | This release drops a trigger from the database schema (replacing |
| 115 | 126 | it with a TEMP trigger that is created as needed). This |
| 116 | 127 | change happens automatically the first time you |
| 117 | 128 | add content to a repository using Fossil 2.14 or later. No |
| 118 | 129 |
| --- www/changes.wiki | |
| +++ www/changes.wiki | |
| @@ -1,9 +1,12 @@ | |
| 1 | <title>Change Log</title> |
| 2 | |
| 3 | <a name='v2_16'></a> |
| 4 | <h2>Changes for Version 2.16 (pending)</h2> |
| 5 | * The [/brlist|/brlist web page] allows the user to |
| 6 | select multiple branches to be displayed together in a single |
| 7 | timeline. |
| 8 | * The [./forum.wiki|Forum] provides a hyperlink on the author of each |
| 9 | post that goes to a timeline of recent posts by that same author. |
| @@ -24,13 +27,17 @@ | |
| 24 | a specific number of days (ex: 365) after the last user contact with |
| 25 | the Fossil server |
| 26 | This can prevents alert emails being sent to |
| 27 | abandoned email accounts forever. |
| 28 | |
| 29 | <a name='v2_15'></a> |
| 30 | <h2>Changes for Version 2.15 (2021-03-26) and Patch 2.15.1 on (2021-04-07)</h2> |
| 31 | * <b>Patch 2.15.1:</b> Fix a data exfiltration bug in the server. <b>Upgrading to |
| 32 | the patch is recommended.</b><p> |
| 33 | * The [./defcsp.md|default CSP] has been relaxed slightly to allow |
| 34 | images to be loaded from any URL. All other resources are still |
| 35 | locked down by default. |
| 36 | * The built-in skins all use the "[/help?cmd=mainmenu|mainmenu]" |
| 37 | setting to determine the content of the main menu. |
| @@ -105,13 +112,17 @@ | |
| 105 | versions of a wiki (by the means of anchoring a "baseline" version) |
| 106 | and the ability to squeeze several sequential edits made by the same |
| 107 | user into a single "recycled" row (the latest edit in that sequence). |
| 108 | |
| 109 | <a name='v2_14'></a> |
| 110 | <h2>Changes for Version 2.14 (2021-01-20) and Patch 2.14.1 on (2021-04-07)</h2> |
| 111 | * <b>Patch 2.14.1:</b> Fix a data exfiltration bug in the server. |
| 112 | <b>Upgrading to the patch is recommended.</b><p> |
| 113 | * <b>Schema Update Notice #1:</b> |
| 114 | This release drops a trigger from the database schema (replacing |
| 115 | it with a TEMP trigger that is created as needed). This |
| 116 | change happens automatically the first time you |
| 117 | add content to a repository using Fossil 2.14 or later. No |
| 118 |
| --- www/changes.wiki | |
| +++ www/changes.wiki | |
| @@ -1,9 +1,12 @@ | |
| 1 | <title>Change Log</title> |
| 2 | |
| 3 | <a name='v2_16'></a> |
| 4 | <h2>Changes for Version 2.16 (pending)</h2> |
| 5 | * <b>Security:</b> Fix the client-side TLS so that it verifies that the |
| 6 | server hostname matches its certificate. <b>Upgrading to |
| 7 | the patch is recommended.</b> |
| 8 | * The [/brlist|/brlist web page] allows the user to |
| 9 | select multiple branches to be displayed together in a single |
| 10 | timeline. |
| 11 | * The [./forum.wiki|Forum] provides a hyperlink on the author of each |
| 12 | post that goes to a timeline of recent posts by that same author. |
| @@ -24,13 +27,17 @@ | |
| 27 | a specific number of days (ex: 365) after the last user contact with |
| 28 | the Fossil server |
| 29 | This can prevents alert emails being sent to |
| 30 | abandoned email accounts forever. |
| 31 | |
| 32 | <a name='v2_15'></a> |
| 33 | <h2>Changes for Version 2.15 (2021-03-26) and Patch 2.15.1 on (2021-04-07) |
| 34 | and 2.15.2 on (2021-06-15)</h2> |
| 35 | * <b>Patch 2.15.2:</b> Fix the client-side TLS so that it verifies that the |
| 36 | server hostname matches its certificate. <b>Upgrading to |
| 37 | the patch is recommended.</b> |
| 38 | * <b>Patch 2.15.1:</b> Fix a data exfiltration bug in the server. <b>Upgrading to |
| 39 | the patch is recommended.</b> |
| 40 | * The [./defcsp.md|default CSP] has been relaxed slightly to allow |
| 41 | images to be loaded from any URL. All other resources are still |
| 42 | locked down by default. |
| 43 | * The built-in skins all use the "[/help?cmd=mainmenu|mainmenu]" |
| 44 | setting to determine the content of the main menu. |
| @@ -105,13 +112,17 @@ | |
| 112 | versions of a wiki (by the means of anchoring a "baseline" version) |
| 113 | and the ability to squeeze several sequential edits made by the same |
| 114 | user into a single "recycled" row (the latest edit in that sequence). |
| 115 | |
| 116 | <a name='v2_14'></a> |
| 117 | <h2>Changes for Version 2.14 (2021-01-20) and Patch 2.14.1 on (2021-04-07) |
| 118 | and 2.14.2 on (2021-06-15)</h2> |
| 119 | * <b>Patch 2.14.2:</b> Fix the client-side TLS so that it verifies that the |
| 120 | server hostname matches its certificate. <b>Upgrading to |
| 121 | the patch is recommended.</b>< |
| 122 | * <b>Patch 2.14.1:</b> Fix a data exfiltration bug in the server. |
| 123 | <b>Upgrading to the patch is recommended.</b> |
| 124 | * <b>Schema Update Notice #1:</b> |
| 125 | This release drops a trigger from the database schema (replacing |
| 126 | it with a TEMP trigger that is created as needed). This |
| 127 | change happens automatically the first time you |
| 128 | add content to a repository using Fossil 2.14 or later. No |
| 129 |