Fossil

Check-in [3ebbe7bc]

Overview
Comment: Increase the version number to 2.4 and update the change log.
SHA3-256: 3ebbe7bcaa8f22216519b25609bdf2f34e825179edd3025dcba5fb0daa843697
User & Date: drh 2017-08-11 16:00:55
Context
2017-08-12 04:19 Typo correction (check-in: 45a3d4b1, user: andygoth, tags: trunk)
2017-08-11 16:00 Increase the version number to 2.4 and update the change log. (check-in: 3ebbe7bc, user: drh, tags: trunk)
2017-08-11 15:29 Fix the SSH sync protocol to avoid "ssh" command-line option injection attacks such as those fixed in Git 2.14.1, Mercurial 4.2.3, and Subversion 1.9.7. As "ssh://" URLs cannot be buried out of sight in Fossil, the vulnerability does not appear to be as severe as in those other systems. (check-in: 1f63db59, user: drh, tags: trunk)
Changes

Changes to VERSION.

1
2.3
|
1
2.4

Changes to www/changes.wiki.

1
2
3
4
5



6
7
8
9
10
11
12
<title>Change Log</title>

<a name='v2_4'></a>
<h2>Changes for Version 2.4 (TBD)</h2>




  *  Correct the [/help?cmd=/doc|/doc] page to support read-only repositories.
  *  Correct [/help?cmd=/zip|/zip], [/help?cmd=/tarball|/tarball],
     [/help?cmd=zip|zip], and [/help?cmd=tarball|tarball] pages and commands to
     honor the versioned manifest setting when outside of an open checkout
     directory.

<a name='v2_3'></a>





>
>
>







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
<title>Change Log</title>

<a name='v2_4'></a>
<h2>Changes for Version 2.4 (TBD)</h2>

  *  Fix the "ssh://" protocol to prevent an attacks whereby the attacker convinces
     a victim to run a "clone" with a dodgy URL and thereby gains access to their
     system.
  *  Correct the [/help?cmd=/doc|/doc] page to support read-only repositories.
  *  Correct [/help?cmd=/zip|/zip], [/help?cmd=/tarball|/tarball],
     [/help?cmd=zip|zip], and [/help?cmd=tarball|tarball] pages and commands to
     honor the versioned manifest setting when outside of an open checkout
     directory.

<a name='v2_3'></a>
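
Review bot: the added "ssh://" entry at the top of the 2.4 list reads "prevent an attacks"; make it "prevent an attack" or "prevent attacks". The entry also describes the problem only as a "dodgy URL", while the fix it refers to (check-in 1f63db59 in the context list) is for "ssh" command-line option injection. Naming that in the entry, for example: Fix the "ssh://" protocol to prevent "ssh" command-line option injection through a crafted "clone" URL, would let readers match it against the equivalent Git, Mercurial and Subversion fixes and decide whether they need to upgrade.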