Skip to content

Commit

Permalink
changelog for 2.0.5
Browse files Browse the repository at this point in the history
  • Loading branch information
omar-polo committed Jun 11, 2024
1 parent a4f18ac commit a33eaaa
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 0 deletions.
21 changes: 21 additions & 0 deletions ChangeLog
Original file line number Diff line number Diff line change
@@ -1,5 +1,26 @@
2024-06-11 Omar Polo <op@omarpolo.com>

* configure (VERSION): release 2.0.5

2024-06-10 Omar Polo <op@omarpolo.com>

* don't error on a '..' component at the start of the path
* reject NUL bytes embedded in the request

2024-06-09 Omar Polo <op@omarpolo.com>

* check for truncation various strlcpy calls.
* clean up of a few unused prototypes and externs.

2024-06-08 Omar Polo <op@omarpolo.com>

* configure: change how strnvis(3) is handled: on systems
with the broken interface gmid will just use its built-in
version.

2024-06-06 Omar Polo <op@omarpolo.com>

* parse.y: allow again empty lines at the start of the config
* configure (VERSION): release 2.0.4
* portability fix for system with a wrong strnvis(3)

Expand Down
9 changes: 9 additions & 0 deletions site/changelog.gmi
Original file line number Diff line number Diff line change
@@ -1,5 +1,14 @@
# change log

## 2024/06/11 - 2.0.5 “Lady Stardust” security release

This release fixes a logic error that can result in a DoS; therefore is a strongly reccomended update for all users. It's safe to update to it from any version of the 2.0.x series.

* allow again empty lines at the start of the configuration file
* change how strnvis(3) is handled: on systems with the broken interface gmid will just use its own built-in version
* reject requests with NUL bytes in them.
* don't error on a '..' component at the start of the path.

## 2024/06/06 - 2.0.4 “Lady Stardust” bugfix release

* add a nicer error message if the removed `cgi' option is still used. Reported by freezr.
Expand Down

0 comments on commit a33eaaa

Please sign in to comment.