[no description] https://git.osdyson.ru/mirror/pkgsrc/atom?h=pkgsrc-2011Q3 2011-09-16T05:46:22Z 2011-09-16T05:46:22Z obache obache@pkgsrc.org 2011-09-16T05:46:22Z urn:sha1:d156436aa30ae2922b43c28c90c2dc4f8c2cecd4 2011-08-19T18:18:26Z morr morr@pkgsrc.org 2011-08-19T18:18:26Z urn:sha1:f390bb7d49f31d1c67da06dce076efc6cee22e65 From the Announcement blog: "This maintenance release fixes a server incompatibility related to JSON that’s unfortunately affected some of you, as well as a few other fixes in the new dashboard design and the Twenty Eleven theme." 2011-07-11T22:53:49Z morr morr@pkgsrc.org 2011-07-11T22:53:49Z urn:sha1:900ef38177216b2ab4657bd39194084309237169 Highlights: * Refreshed Administrative UI - Admin redesign * New Default Theme "Twenty Eleven" - Uses the latest Theme Features * Full Screen Editor - Distraction free writing experience * Extended Admin Bar - More useful links to control the site * Enhanced Browser Compatibility - - Drop Internet Explorer 6 support - Start End-of-life (EOL) cycle for Internet Explorer 7 - Browse Happy notify users of out-of-date browser * WordPress is Faster and Lighter - - Faster page loads -- We've gone through the most commonly loaded pages in WP and done improvements to their load time - Faster Upgrades -- The update system now support incremental upgrades so after 3.2 you'll find upgrading faster than ever - Optimizations to WP_Filesystem -- Updates over FTP are now much quicker and less error prone - Stream downloads to the filesystem -- Improves update times and lowers the memory footprint - Performance improvements for wptexturize() - Remove PHP4 compatibility including timezone support - More efficient term intersection queries - Some optimizations in the HTML sanitizer (kses) - Speed optimizations for is_serialized_string() - Cache the Dashboard RSS Widgets HTML output to reduce unnecessary Ajax requests as well as the memory footprint - And many other improvements and tweaks Contains also security fixes from wordpress 3.1.4. 2011-05-26T22:59:38Z morr morr@pkgsrc.org 2011-05-26T22:59:38Z urn:sha1:ba5ffe074ec522a5d959e0218043e5aaff6b9699 * Various security hardening by Alexander Concha. * Taxonomy query hardening by John Lamansky. * Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros. * Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research. * Improves file upload security on hosts with dangerous security settings. * Cleans up old WordPress import files if the import does not finish. * Introduce "clickjacking" protection in modern browsers on admin and login pages. 2011-05-08T20:43:36Z morr morr@pkgsrc.org 2011-05-08T20:43:36Z urn:sha1:584ec4610b228208a1b9be1a61ad1d9f98f909b7 * Fix a vulnerability that allowed Contributor-level users to improperly publish posts. * Fix user queries ordered by post count. * Fix multiple tag queries. * Prevent over-escaping of post titles when using Quick Edit for pages. 2011-04-09T00:57:42Z morr morr@pkgsrc.org 2011-04-09T00:57:42Z urn:sha1:f3e28d1549dbc4e51676c031233d3d325d6a0968 This maintenance and security release fixes almost thirty issues in 3.1, including: * Some security hardening to media uploads * Performance improvements * Fixes for IIS6 support * Fixes for taxonomy and PATHINFO (/index.php/) permalinks * Fixes for various query and taxonomy edge cases that caused some plugin compatibility issues Version 3.1.1 also addresses three security issues discovered by WordPress core developers Jon Cave and Peter Westwood, of wordpress's security team. The first hardens CSRF prevention in the media uploader. The second avoids a PHP crash in certain environments when handling devilishly devised links in comments, and the third addresses an XSS flaw. 2011-02-27T10:30:16Z morr morr@pkgsrc.org 2011-02-27T10:30:16Z urn:sha1:683505e3894f5c11ec87dbb14622558acbf84aba Changes: * Internal Linking - click a button for an internal link and it allows you to search for a post or browse a list of existing content and select it for inclusion. * Admin Bar - contains various links to useful admin screens. By default, the admin bar is displayed when a user is logged in and visiting the site and is not displayed in admin screens for single blog installs. For multisite installs, the admin bar is displayed both when visiting the site and in the admin screens. * Streamlined Writing Interface - new users of WordPress will find the write screen much less cluttered than before, as more of the options are hidden by default. You can click on Screen Options in the top right to bring them back. * Post Formats - meta information that can be used by themes to customize presentation of a post. Read more in the article Post Formats. * Network Admin - move Super Admin menus and related pages out of the regular admin and into a new Network Admin screen. * List-type Admin Screens - sortable columns for list-type screens and better pagination. * Exporter/Importer Overhaul - many under the hood changes including adding author information, better handling for taxonomies and terms, and proper support for navigation menus. * Custom Content Type Improvements - allows developers to generate archive pages, and have better menu and capability controls. * Advanced Queries - allows developers to query multiple taxonomies and custom fields. * Refreshed Blue Admin Color Scheme - puts the focus more squarely on your content. More changes at http://codex.wordpress.org/Version_3.1 2011-02-10T10:25:50Z morr morr@pkgsrc.org 2011-02-10T10:25:50Z urn:sha1:3a6a18fd42cbf8a4734d0e845a23e9fcef0bcbd3 * Fix XSS bug: Properly encode title used in Quick/Bulk Edit, and offer additional sanitization to various fields. Affects users of the Author or Contributor role. * Fix XSS bug: Preserve tag escaping in the tags meta box. Affects users of the Author or Contributor role. * Fix potential information disclosure of posts through the media uploader. Affects users of the Author role. * Enhancement: Force HTML filtering on comment text in the admin * Enhancement: Harden check_admin_referer() when called without arguments, which plugins should avoid. * Update the license to GPLv2 (or later) and update copyright information for the KSES library. 2010-12-30T22:27:45Z morr morr@pkgsrc.org 2010-12-30T22:27:45Z urn:sha1:c0a0e0277946f2befe31342bdd54742dacfe40bd ChangeLog: * Fix XSS vulnerabilities in the KSES library: Don't be case sensitive to attribute names. Handle padded entities when checking for bad protocols. Normalize entities before checking for bad protocols in esc_url(). 2010-12-10T23:34:17Z morr morr@pkgsrc.org 2010-12-10T23:34:17Z urn:sha1:c80e8284de77d97a5a408550df5fd34807208b9f Fixes issues in the XML-RPC remote publishing interface which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish or delete posts.