Etusivu Tutki Apua
Kirjaudu sisään
LBP
/
miniflux_v2
peilaus alkaen https://github.com/miniflux/v2.git
4
0
Fork 0
Tiedostot Ongelmat 0 Wiki
Selaa lähdekoodia

Update ChangeLog

Frédéric Guillot 3 vuotta sitten
vanhempi
11a352dcfd
commit
ab209df78f
1 muutettua tiedostoa jossa 43 lisäystä ja 0 poistoa
Jaettu näkymä Näytä diff tilastot
  1. 43 0
      ChangeLog

+ 43 - 0
ChangeLog
Näytä tiedosto 

@@ -1,3 +1,46 @@
 
+Version 2.0.43 (March 16, 2023)
 
+-------------------------------
 
+
 
+* Avoid XSS when opening a broken image due to unescaped ServerError in proxy handler (CVE-2023-27592)
 
+    
+    Creating an RSS feed item with the inline description containing an `<img>` tag
 
+    with a `srcset` attribute pointing to an invalid URL like
 
+    `http:a<script>alert(1)</script>`, we can coerce the proxy handler into an error
 
+    condition where the invalid URL is returned unescaped and in full.
 
+    
+    This results in JavaScript execution on the Miniflux instance as soon as the
 
+    user is convinced to open the broken image.
 
+
 
+* Use `r.RemoteAddr` to check `/metrics` endpoint network access (CVE-2023-27591)
 
+    
+    HTTP headers like `X-Forwarded-For` or `X-Real-Ip` can be easily spoofed. As
 
+    such, it cannot be used to test if the client IP is allowed.
 
+    
+    The recommendation is to use HTTP Basic authentication to protect the
 
+    metrics endpoint, or run Miniflux behind a trusted reverse-proxy.
 
+
 
+* Add HTTP Basic authentication for `/metrics` endpoint
 
+* Add proxy support for several media types
 
+* Parse feed categories from RSS, Atom and JSON feeds
 
+* Ignore empty link when discovering feeds
 
+* Disable CGO explicitly to make sure the binary is statically linked
 
+* Add CSS classes to differentiate between category/feed/entry view and icons
 
+* Add rewrite and scraper rules for `blog.cloudflare.com`
 
+* Add `color-scheme` to themes
 
+* Add new keyboard shortcut to toggle open/close entry attachments section
 
+* Sanitizer: allow `id` attribute in `<sup>` element
 
+* Add Indonesian Language
 
+* Update translations
 
+* Update Docker Compose examples:
 
+    - Run the application in one command
 
+    - Bring back the health check condition to `depends_on`
 
+    - Remove deprecated `version` element
 
+* Update scraping rules for `ilpost.it`
 
+* Bump `github.com/PuerkitoBio/goquery` from `1.8.0` to `1.8.1`
 
+* Bump `github.com/tdewolff/minify/v2` from `2.12.4` to `2.12.5`
 
+* Bump `github.com/yuin/goldmark` from `1.5.3` to `1.5.4`
 
+* Bump `golang.org/x/*` dependencies
 
+
 
 Version 2.0.42 (January 29, 2023)
 
 ---------------------------------