Signed-off-by: VirtualTam <virtualtam@flibidi.net>
The format is based on [Keep a Changelog](http://keepachangelog.com/)
and this project adheres to [Semantic Versioning](http://semver.org/).
The format is based on [Keep a Changelog](http://keepachangelog.com/)
and this project adheres to [Semantic Versioning](http://semver.org/).
+## [v0.9.3](https://github.com/shaarli/Shaarli/releases/tag/v0.9.3) - 2018-01-04
+**XSS vulnerability fixed. Please update.**
+
+## Security
+- Fix an XSS (cross-site-scripting) vulnerability in `index.php`
+
+
## [v0.9.2](https://github.com/shaarli/Shaarli/releases/tag/v0.9.2) - 2017-10-07
**Major security issue fixed. Please update.**
## [v0.9.2](https://github.com/shaarli/Shaarli/releases/tag/v0.9.2) - 2017-10-07
**Major security issue fixed. Please update.**
- Fixed reflected XSS vulnerability introduced in v0.9.1, discovered by @chb9 ([CVE-2017-15215](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15215)).
- Fixed reflected XSS vulnerability introduced in v0.9.1, discovered by @chb9 ([CVE-2017-15215](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15215)).
## [v0.9.1](https://github.com/shaarli/Shaarli/releases/tag/v0.9.1) - 2017-08-23
The documentation has been migrated to ReadTheDocs:
## [v0.9.1](https://github.com/shaarli/Shaarli/releases/tag/v0.9.1) - 2017-08-23
The documentation has been migrated to ReadTheDocs:
- Introduce a new theme
- Allow selecting themes/templates from the configuration page
- New/Edit link form can be submitted using CTRL+Enter in the textarea
- Introduce a new theme
- Allow selecting themes/templates from the configuration page
- New/Edit link form can be submitted using CTRL+Enter in the textarea
- - Shaarli version is displayed in the footer when logged in
+ - Shaarli version is displayed in the footer when logged in
- Add plugin placeholders to Atom/RSS feed templates
- Add OpenSearch to feed templates
- Add `campaign_` to the URL cleanup pattern list
- Add plugin placeholders to Atom/RSS feed templates
- Add OpenSearch to feed templates
- Add `campaign_` to the URL cleanup pattern list
- Improved date time display depending on the locale
- Partial namespace support for Shaarli classes
- Shaarli version is now only present in `shaarli_version.php`
- Improved date time display depending on the locale
- Partial namespace support for Shaarli classes
- Shaarli version is now only present in `shaarli_version.php`
-- Human readable maximum file size upload
+- Human readable maximum file size upload
- Markdown plugin: escape HTML entities by default
- Markdown plugin: escape HTML entities by default
+## [v0.8.5](https://github.com/shaarli/Shaarli/releases/tag/v0.8.5) - 2018-01-04
+**XSS vulnerability fixed. Please update.**
+
+## Security
+- Fix an XSS (cross-site-scripting) vulnerability in `index.php`
+
## [v0.8.4](https://github.com/shaarli/Shaarli/releases/tag/v0.8.4) - 2017-03-04
### Security
- Markdown plugin: escape HTML entities by default
## [v0.8.4](https://github.com/shaarli/Shaarli/releases/tag/v0.8.4) - 2017-03-04
### Security
- Markdown plugin: escape HTML entities by default
## [v0.8.1](https://github.com/shaarli/Shaarli/releases/tag/v0.8.1) - 2016-12-12
## [v0.8.1](https://github.com/shaarli/Shaarli/releases/tag/v0.8.1) - 2016-12-12
-> Note: this version will create an automatic backup of your database if anything goes wrong.
+> Note: this version will create an automatic backup of your database if anything goes wrong.
### Added
- Add CHANGELOG.md to track the whole project's history
### Added
- Add CHANGELOG.md to track the whole project's history
- Link ID complete refactoring:
- Links now have a numeric ID instead of dates
- Short URLs are now created once and can't change over time (previous URL are kept)
- Link ID complete refactoring:
- Links now have a numeric ID instead of dates
- Short URLs are now created once and can't change over time (previous URL are kept)
- Changed placeholder behaviour for: `buttons_toolbar`, `fields_toolbar` and `action_plugin`
- Cleanup `{loop}` declarations in templates
- Tools: hide Firefox Social button when not in HTTPS
- Changed placeholder behaviour for: `buttons_toolbar`, `fields_toolbar` and `action_plugin`
- Cleanup `{loop}` declarations in templates
- Tools: hide Firefox Social button when not in HTTPS
- Plugins:
- Tools: only display parameter description when it exists
- archive.org: do not propose archival of private notes
- Plugins:
- Tools: only display parameter description when it exists
- archive.org: do not propose archival of private notes
- render links properly in code blocks
- bug regarding the `nomarkdown` tag
- W3C compliance
- render links properly in code blocks
- bug regarding the `nomarkdown` tag
- W3C compliance
### Fixed
- Fix a bug where renaming a tag was causing a 404
- Fix a bug allowing to search blank terms
### Fixed
- Fix a bug where renaming a tag was causing a 404
- Fix a bug allowing to search blank terms
-- Fix a bug preventing to remove a tag with special chars when searching
+- Fix a bug preventing to remove a tag with special chars when searching
## [v0.6.2](https://github.com/shaarli/Shaarli/releases/tag/v0.6.2) - 2015-12-23
## [v0.6.2](https://github.com/shaarli/Shaarli/releases/tag/v0.6.2) - 2015-12-23
- When you click the key to see only private links, it turns yellow
### Changed
- When you click the key to see only private links, it turns yellow
### Changed
-- The "Daily" page now automatically skips empty days.
+- The "Daily" page now automatically skips empty days.
### Fixed
- Corrected the tag encoding (there was a bug when selecting a second tag which contains accented characters)
### Fixed
- Corrected the tag encoding (there was a bug when selecting a second tag which contains accented characters)
- Nicer timezone selection patch by killruana
### Fixed
- Nicer timezone selection patch by killruana
### Fixed
-- New lines now appear correctly in the RSS feed descriptions.
+- New lines now appear correctly in the RSS feed descriptions.
## [v0.0.17beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
## [v0.0.17beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
## [v0.0.14beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
### Added
- You no longer need to disable `magic_quotes` on your host.
## [v0.0.14beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
### Added
- You no longer need to disable `magic_quotes` on your host.
- Shaarli will cope with this option beeing activated.
+ Shaarli will cope with this option beeing activated.
## [v0.0.13beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
## [v0.0.13beta](http://sebsauvage.net/wiki/doku.php?id=php:shaarli:history)
_Shaarli is a minimalist link sharing service that you can install on your own server._
_It is designed to be personal (single-user), fast and handy._
_Shaarli is a minimalist link sharing service that you can install on your own server._
_It is designed to be personal (single-user), fast and handy._
-[![](https://img.shields.io/badge/stable-v0.8.4-blue.svg)](https://github.com/shaarli/Shaarli/releases/tag/v0.8.4)
+[![](https://img.shields.io/badge/stable-v0.8.5-blue.svg)](https://github.com/shaarli/Shaarli/releases/tag/v0.8.5)
[![](https://img.shields.io/travis/shaarli/Shaarli/stable.svg?label=stable)](https://travis-ci.org/shaarli/Shaarli)
•
[![](https://img.shields.io/travis/shaarli/Shaarli/stable.svg?label=stable)](https://travis-ci.org/shaarli/Shaarli)
•
-[![](https://img.shields.io/badge/latest-v0.9.2-blue.svg)](https://github.com/shaarli/Shaarli/releases/tag/v0.9.2)
+[![](https://img.shields.io/badge/latest-v0.9.3-blue.svg)](https://github.com/shaarli/Shaarli/releases/tag/v0.9.3)
[![](https://img.shields.io/travis/shaarli/Shaarli/latest.svg?label=latest)](https://travis-ci.org/shaarli/Shaarli)
•
[![](https://img.shields.io/badge/master-v0.9.x-blue.svg)](https://github.com/shaarli/Shaarli)
[![](https://img.shields.io/travis/shaarli/Shaarli/latest.svg?label=latest)](https://travis-ci.org/shaarli/Shaarli)
•
[![](https://img.shields.io/badge/master-v0.9.x-blue.svg)](https://github.com/shaarli/Shaarli)
In most cases, you should download the latest Shaarli release from the [releases](https://github.com/shaarli/Shaarli/releases) page. **Download our *shaarli-full* archive** to include dependencies.
In most cases, you should download the latest Shaarli release from the [releases](https://github.com/shaarli/Shaarli/releases) page. **Download our *shaarli-full* archive** to include dependencies.
-The current latest released version is `v0.9.1`
+The current latest released version is `v0.9.3`
-$ wget https://github.com/shaarli/Shaarli/releases/download/v0.9.1/shaarli-v0.9.1-full.zip
-$ unzip shaarli-v0.9.1-full.zip
+$ wget https://github.com/shaarli/Shaarli/releases/download/v0.9.3/shaarli-v0.9.3-full.zip
+$ unzip shaarli-v0.9.3-full.zip
$ mv Shaarli /path/to/shaarli/
```
$ mv Shaarli /path/to/shaarli/
```
To get the latest changes from the `master` branch:
```bash
To get the latest changes from the `master` branch:
```bash
$ git clone https://github.com/shaarli/Shaarli.git -b master /path/to/shaarli/
# install/update third-party dependencies
$ cd /path/to/shaarli
$ git clone https://github.com/shaarli/Shaarli.git -b master /path/to/shaarli/
# install/update third-party dependencies
$ cd /path/to/shaarli