|← 1.7.0||ZNC 1.7.1||1.8.0 →|
|This is the latest release. Source tarball is available here.|
Security critical fixes
- CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into
- CVE-2018-14056: path traversal in HTTP handler via
../in a web skin name.
- Fix znc-buildmod to not hardcode the compiler used to build ZNC anymore in CMake build (#1536)
- Fix language selector. Russian and German were both not selectable.
- Fix build without SSL support (#1554)
- Fix several broken strings
- Stop spamming users about debug mode. This feature was added in 1.7.0, now reverted. (#1541)
- adminlog: Log the error message again (regression of 1.7.0) (#1557)
- admindebug: New module, which allows admins to turn on/off --debug in runtime (#1556)
- flooddetach: Fix description of commands (#1548)
- modperl: Fix memory leak in NV handling
- modperl: Fix functions which return
- modpython: Fix functions which return
- webadmin: Fix fancy CTCP replies editor for Firefox. It was showing the plain version even when JS is enabled
- Deprecate one of the overloads of
CMessage::GetParams(), rename it to
- Don't throw from destructor in the integration test
- Fix a warning with integration test / gmake / znc-buildmod interaction.