Good Morning! This are the git changes for DokuWiki committed yesterday. Please test them and report bugs. --------------------------------------------------------------------- http://github.com/splitbrain/dokuwiki/commit/2f85287ef7aafab72cec14c85c1ab4cd1d7facc9 Author: Adrian Lang <mail[at]adrianlang.de> Date: Thu Apr 19 12:12:33 2012 +0200 Release preparations http://github.com/splitbrain/dokuwiki/commit/ff71173477e54774b5571015d49d944f51cb8a26 Author: Andreas Gohr <gohr[at]cosmocode.de> Date: Thu Apr 19 11:26:46 2012 +0200 escape target error message (SECURITY) FS#2487 FS#2488 The error message when a non-existant editor was tried to load wasn't escaped correctly, allowing to introduce arbitrary JavaScript to the output, leading to a XSS vulnerability. Note: the reported second XCRF vulnerability is the same bug, the xploit code simply uses JavaScript to extract a valid CSRF token from the site http://github.com/splitbrain/dokuwiki/commit/56ef9b96cf85ba4b1e5df37ac113143f102d3642 Author: Andreas Gohr <gohr[at]cosmocode.de> Date: Thu Apr 19 11:23:45 2012 +0200 some more debug output in the indexer webbug --------------------------------------------------------------------- You can download individual diffs or patches by appending .diff or .patch to the given commit URLs above. Bye, your git changelog mailer -- DokuWiki mailing list - more info at http://www.dokuwiki.org/mailinglist