File: [cvs.NetBSD.org] / pkgsrc / www / wordpress / distinfo (download)
Revision 1.23.2.1, Sun Jan 27 14:06:48 2013 UTC (11 years, 2 months ago) by spz
Branch: pkgsrc-2012Q4
Changes since 1.23: +4 -4
lines
Pullup ticket #4042 - requested by morr
www/wordpress: security update
Revisions pulled up:
- www/wordpress/Makefile 1.30
- www/wordpress/PLIST 1.14
- www/wordpress/distinfo 1.24
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: morr
Date: Sun Jan 27 07:51:37 UTC 2013
Modified Files:
pkgsrc/www/wordpress: Makefile PLIST distinfo
Log Message:
This maintenance release addresses 37 bugs with version 3.5, including:
* Editor: Prevent certain HTML elements from being unexpectedly removed or
modified in rare cases.
* Media: Fix a collection of minor workflow and compatibility issues in the new
media manager.
* Networks: Suggest proper rewrite rules when creating a new network.
* Prevent scheduled posts from being stripped of certain HTML, such as video
embeds, when they are published.
* Work around some misconfigurations that may have caused some JavaScript in
the WordPress admin area to fail.
* Suppress some warnings that could occur when a plugin misused the database or
user APIs.
Additionally: Version 3.5.1 fixes a few security issues:
* Server-side request forgery (SSRF) and remote port scanning via pingbacks.
Fixed by the WordPress security team.
* Cross-site scripting (XSS) via shortcodes and post content. Discovered by Jon
Cave of the WordPress security team.
* Cross-site scripting (XSS) in the external library Plupload. Plupload 1.5.5
was released to address this issue.
To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 pkgsrc/www/wordpress/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/wordpress/PLIST
cvs rdiff -u -r1.23 -r1.24 pkgsrc/www/wordpress/distinfo
|