Fossil

Check-in [3c1a2764]

Overview
Comment: Update the change log for the TLS security patch.
SHA3-256: 3c1a27646cc64edeff298daac3f9771208fd77503e9231d0e5e5831d73bcaa14
User & Date: drh 2021-06-15 01:30:47
Context
2021-06-15
02:29 /chat: in the popup which is triggered by tapping a user's name add a link to the /timeline filtered on that user, per suggestion by Sean in the forum. ... (check-in: b71be5ef user: stephan tags: trunk)
01:30 Update the change log for the TLS security patch. ... (check-in: 3c1a2764 user: drh tags: trunk)
00:39 Fix the client-side SSL connection setup so that it actually verifies the hostname on the certification from the server. ... (check-in: aaab2a15 user: drh tags: trunk)
Changes

Changes to www/changes.wiki.

1
2
3
4



5
6
7
8
9
10
11
<title>Change Log</title>

<a name='v2_16'></a>
<h2>Changes for Version 2.16 (pending)</h2>



  *  The [/brlist|/brlist web page] allows the user to
     select multiple branches to be displayed together in a single
     timeline.
  *  The [./forum.wiki|Forum] provides a hyperlink on the author of each
     post that goes to a timeline of recent posts by that same author.
  *  The [/help?cmd=merge|fossil merge] command now does a better job merging
     branches where files have been renamed between the current branch and the




>
>
>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
<title>Change Log</title>

<a name='v2_16'></a>
<h2>Changes for Version 2.16 (pending)</h2>
  *  <b>Security:</b> Fix the client-side TLS so that it verifies that the
     server hostname matches its certificate. <b>Upgrading to
     the patch is recommended.</b>
  *  The [/brlist|/brlist web page] allows the user to
     select multiple branches to be displayed together in a single
     timeline.
  *  The [./forum.wiki|Forum] provides a hyperlink on the author of each
     post that goes to a timeline of recent posts by that same author.
  *  The [/help?cmd=merge|fossil merge] command now does a better job merging
     branches where files have been renamed between the current branch and the
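Review bot: In the new v2.16 bullet, "Upgrading to the patch is recommended" has no referent, because 2.16 is listed as a pending release rather than a patch. Name the patch releases that carry the fix (2.15.2 and 2.14.2, per the entries this same commit adds further down the file) or reword to "Upgrading is recommended", so that someone reading only the 2.16 section knows what to install.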
22
23
24
25
26
27
28
29




30
31
32
33
34
35
36
37
38
     list of the "[/help?cmd=all|fossil all ui]" command.
  *  Administrators can configure [./alerts|email alerts] to expire
     a specific number of days (ex: 365) after the last user contact with
     the Fossil server  This can prevents alert emails being sent to 
     abandoned email accounts forever.

<a name='v2_15'></a>
<h2>Changes for Version 2.15 (2021-03-26) and Patch 2.15.1 on (2021-04-07)</h2>




  *  <b>Patch 2.15.1:</b> Fix a data exfiltration bug in the server.  <b>Upgrading to
     the patch is recommended.</b><p>
  *  The [./defcsp.md|default CSP] has been relaxed slightly to allow
     images to be loaded from any URL.  All other resources are still
     locked down by default.
  *  The built-in skins all use the "[/help?cmd=mainmenu|mainmenu]"
     setting to determine the content of the main menu.
     The ability to edit the 
     "mainmenu" setting is added on the /Admin/Configuration page.







|
>
>
>
>

|







25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
     list of the "[/help?cmd=all|fossil all ui]" command.
  *  Administrators can configure [./alerts|email alerts] to expire
     a specific number of days (ex: 365) after the last user contact with
     the Fossil server  This can prevents alert emails being sent to 
     abandoned email accounts forever.

<a name='v2_15'></a>
<h2>Changes for Version 2.15 (2021-03-26) and Patch 2.15.1 on (2021-04-07)
    and 2.15.2 on (2021-06-15)</h2>
  *  <b>Patch 2.15.2:</b> Fix the client-side TLS so that it verifies that the
     server hostname matches its certificate. <b>Upgrading to
     the patch is recommended.</b>
  *  <b>Patch 2.15.1:</b> Fix a data exfiltration bug in the server.  <b>Upgrading to
     the patch is recommended.</b>
  *  The [./defcsp.md|default CSP] has been relaxed slightly to allow
     images to be loaded from any URL.  All other resources are still
     locked down by default.
  *  The built-in skins all use the "[/help?cmd=mainmenu|mainmenu]"
     setting to determine the content of the main menu.
     The ability to edit the 
     "mainmenu" setting is added on the /Admin/Configuration page.
103
104
105
106
107
108
109
110




111
112
113
114
115
116
117
118
119
  *  Webpage that shows [/help?cmd=/whistory|history of a wiki page]
     gained client-side UI to help with comparison between two arbitrary
     versions of a wiki (by the means of anchoring a "baseline" version)
     and the ability to squeeze several sequential edits made by the same
     user into a single "recycled" row (the latest edit in that sequence).

<a name='v2_14'></a>
<h2>Changes for Version 2.14 (2021-01-20) and Patch 2.14.1 on (2021-04-07)</h2>




  *  <b>Patch 2.14.1:</b> Fix a data exfiltration bug in the server.
     <b>Upgrading to the patch is recommended.</b><p>
  *  <b>Schema Update Notice #1:</b>
     This release drops a trigger from the database schema (replacing
     it with a TEMP trigger that is created as needed).  This
     change happens automatically the first time you
     add content to a repository using Fossil 2.14 or later.  No
     action is needed on your part. However, if you upgrade to 
     version 2.14 and then later downgrade or otherwise use an earlier







|
>
>
>
>

|







110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
  *  Webpage that shows [/help?cmd=/whistory|history of a wiki page]
     gained client-side UI to help with comparison between two arbitrary
     versions of a wiki (by the means of anchoring a "baseline" version)
     and the ability to squeeze several sequential edits made by the same
     user into a single "recycled" row (the latest edit in that sequence).

<a name='v2_14'></a>
<h2>Changes for Version 2.14 (2021-01-20) and Patch 2.14.1 on (2021-04-07)
    and 2.14.2 on (2021-06-15)</h2>
  *  <b>Patch 2.14.2:</b> Fix the client-side TLS so that it verifies that the
     server hostname matches its certificate. <b>Upgrading to
     the patch is recommended.</b><
  *  <b>Patch 2.14.1:</b> Fix a data exfiltration bug in the server.
     <b>Upgrading to the patch is recommended.</b>
  *  <b>Schema Update Notice #1:</b>
     This release drops a trigger from the database schema (replacing
     it with a TEMP trigger that is created as needed).  This
     change happens automatically the first time you
     add content to a repository using Fossil 2.14 or later.  No
     action is needed on your part. However, if you upgrade to 
     version 2.14 and then later downgrade or otherwise use an earlier
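Review bot: The 2.14.2 entry ends with a stray "<" after the closing tag ("the patch is recommended.</b><"). It looks like the remnant of the trailing "<p>" that this commit removes from the 2.14.1 and 2.15.1 entries. Drop the trailing "<" so the wiki markup stays well-formed and the following bullet renders as intended.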