diff options
| author | Omar Polo <op@omarpolo.com> | 2024-06-11 08:18:10 +0000 |
|---|---|---|
| committer | Omar Polo <op@omarpolo.com> | 2024-06-11 08:18:10 +0000 |
| commit | a33eaaa9250fa097431f2310d58751a05d7bbdbc (patch) | |
| tree | 46a2251849b5bdb61dcc7a24e0516218327de5f1 /site | |
| parent | a4f18acde37539867460030daac01d28d616311b (diff) | |
changelog for 2.0.5
Diffstat (limited to 'site')
| -rw-r--r-- | site/changelog.gmi | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/site/changelog.gmi b/site/changelog.gmi index e546545..1322889 100644 --- a/site/changelog.gmi +++ b/site/changelog.gmi @@ -1,5 +1,14 @@ # change log +## 2024/06/11 - 2.0.5 “Lady Stardust” security release + +This release fixes a logic error that can result in a DoS; therefore is a strongly reccomended update for all users. It's safe to update to it from any version of the 2.0.x series. + +* allow again empty lines at the start of the configuration file +* change how strnvis(3) is handled: on systems with the broken interface gmid will just use its own built-in version +* reject requests with NUL bytes in them. +* don't error on a '..' component at the start of the path. + ## 2024/06/06 - 2.0.4 “Lady Stardust” bugfix release * add a nicer error message if the removed `cgi' option is still used. Reported by freezr. |