X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=CHANGELOG.md;h=51c60d4c47f933d364073ee01e6100705b201450;hb=9cd0df4d07599e8f0406c5cd867ebd01edc03846;hp=ffda8a1b4e30291a29210b48b8123ca8130478a0;hpb=bea80e43a3714663b0c32879f7bdf4fd19161b2e;p=github%2Fshaarli%2FShaarli.git diff --git a/CHANGELOG.md b/CHANGELOG.md index ffda8a1b..51c60d4c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,35 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). -## [v0.8.1](https://github.com/shaarli/Shaarli/releases/tag/v0.8.1) - UNPUBLISHED +## [v0.8.5](https://github.com/shaarli/Shaarli/releases/tag/v0.8.5) - 2018-01-04 + + **XSS vulnerability fixed. Please update.** + +### Security +- Fix an XSS (cross-site-scripting) vulnerability in `index.php` + + +## [v0.8.4](https://github.com/shaarli/Shaarli/releases/tag/v0.8.4) - 2017-03-04 +### Security +- Markdown plugin: escape HTML entities by default + + +## [v0.8.3](https://github.com/shaarli/Shaarli/releases/tag/v0.8.3) - 2017-01-20 + +### Fixed + +- PHP 7.1 compatibility: add ConfigManager parameter to anti-bruteforce function call in login template. + +## [v0.8.2](https://github.com/shaarli/Shaarli/releases/tag/v0.8.2) - 2016-12-15 + +### Fixed + +- Editing a link created before the new ID system would change its permalink. + +## [v0.8.1](https://github.com/shaarli/Shaarli/releases/tag/v0.8.1) - 2016-12-12 + +> Note: this version will create an automatic backup of your database if anything goes wrong. + ### Added - Add CHANGELOG.md to track the whole project's history - Enable Composer cache for Travis builds @@ -18,7 +46,14 @@ and this project adheres to [Semantic Versioning](http://semver.org/). - Meta tag to *not* send the referrer to external resources. ### Changed -- Cleanup `{loop}` declarations in templates +- Link ID complete refactoring: + - Links now have a numeric ID instead of dates + - Short URLs are now created once and can't change over time (previous URL are kept) +- Templates: + - Changed placeholder behaviour for: `buttons_toolbar`, `fields_toolbar` and `action_plugin` + - Cleanup `{loop}` declarations in templates + - Tools: hide Firefox Social button when not in HTTPS + - Firefox Social: show Shaarli's title when shaaring using Firefox Social - Release archives now have the same structure as GitHub-generated archives: - archives contain a `Shaarli` directory, itself containing sources + dependencies - the tarball is now gzipped @@ -26,8 +61,6 @@ and this project adheres to [Semantic Versioning](http://semver.org/). - Markdown: Parsedown library is now imported through Composer - Minor code cleanup: PHPDoc, spelling, unused variables, etc. - Docker: explicitly set the maximum file upload size to 10 MiB -- Tools: hide Firefox Social button when not in HTTPS -- Firefox Social: show Shaarli's title when shaaring using Firefox Social ### Fixed - Fix the server `` value in Atom/RSS feeds @@ -40,6 +73,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/). - W3C compliance - Use absolute URL for hashtags in RSS and ATOM feeds - Docker: specify the location of the favicon +- ATOM feed: remove new line between content tag and data ### Security - Allow whitelisting trusted IPs, else continue banning clients upon login failure