| AArch64 | |
| ppc64le | |
| s390x | |
| x86-64 |
- Security and bug fixes:
* security fix for CVE-2020-25074 (boo#1178744):
fix remote code execution via cache action
changeset with fix: d1e5fc7d
* security fix for CVE-2020-15275 (boo#1178745):
fix malicious SVG attachment causing stored XSS vulnerability
changeset with fix: 64e16037
* make setup.py and .cfg ascii-only, #40
* fix SubProcess' os.setsid usage, #44
* fix interwiki test fails that crept into 1.9.10 release
* highlight parser: use language as code_type rather than "highlight"
* catch indexer error for too long names, #57
* improved indexer logging so logging never crashes due to
encoding issues for non-ascii page or attachment names.
* fix mailheader parsing, add tests for mailimport, #53
* workaround werkzeug errors='fallback:...' regression, #37
* mailimport: fix AttributeError, #55
* surge protection / hosts_deny: fix broken html, #60
- Other changes:
* upgrade werkzeug 0.14.1 -> 1.0.1, adapt imports
HINT: if you use the ProxyFix code, the required import has changed to:
from werkzeug.middleware.proxy_fix import ProxyFix
* add secure-cookie 0.1.0 (code was formerly part of werkzeug.contrib), adapt imports
* update pygments 2.1.3 -> 2.5.2
* update passlib 1.7.1 -> 1.7.2
* update parsedatetime 2.4 -> 2.6
- add upstream signing key and verify source signature
- Upgrade to version 1.9.10
+ security fix for CVE-2017-5934, XSS in GUI editor related code
(boo#1111104)
+ removed raw#199.patch, is included in new version