To create new wiki account, please join us on #znc at Libera.Chat and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.
ChangeLog/0.072
Jump to navigation
Jump to search
| ← 0.070 | ZNC 0.072 | 0.074 → |
 |
This is an old ZNC version. If you still use it, please consider upgrading to 1.9.1. |
All webadmin skins are broken in this release due to a bug in webadmin itself. This is fixed in the next release.
High-impact security bugs
There was a path traversal bug in ZNC which allowed attackers write access to any place to which ZNC has write access. The attacker only needed a user account (with BounceDCCs enabled). Details are in the commit message. (r1570)
This is CVE-2009-2658.
Affected versions
All ZNC versions since ZNC 0.022 (Initial import in SVN) are affected.
New stuff
/msg *status uptimeis now accessible to everyone. (r1526)- ZNC can now optionally use c-ares for asynchronous DNS resolving. (r1548) (r1549) (r1550) (r1551) (r1552) (r1553) (r1556) (r1565) (r1566)
- The new config option
AnonIPLimitlimits the number of unidentified connections per IP. (r1561) (r1563) (r1567)
Fixes
znc --no-color --makeconfstill used some color codes. (r1519)- Webadmin favicons were broken since (r1481). (r1524)
- znc.pc was installed to the wrong directory in multilib systems. (r1530)
- Handle flags like e.g. --allow-root for
/msg *status restart. (r1531) (r1533) - Fix channel user mode tracking. (r1574)
- Fix a possible crash if users are deleted while they are connecting to IRC. (r1557)
- Limit HTTP POST data to 1 MiB. (r1559)
OnStatusCommand()wasn't called for commands executed via/znc. (r1562)- On systems where sizeof(off_t) is 4, all ZNC-originated DCCs failed with "File too large (>4 GiB)". (r1568)
- ZNC didn't properly verify paths when checking for directory traversal attacks (Low impact). (r1569)
Minor stuff
- Minor speed optimizations. (r1527) (r1532)
- stickychan now accepts a channel list as module arguments. (r1534)
- Added a clear command to nickserv. (r1554)
- Added an execute command to perform. (r1558)
- Added a swap command to perform. (r1560)
- fail2ban clears all bans on rehash. (r1564)
Internal stuff
- The API for traffic stats changed. (r1521) (r1523)
- Some optimizations to
CSmartPtr. (r1522) - CString now accepts an optional precision for converting floating point numbers. (r1525)
- Made home dir optional in
CDir::ChangeDir(). (r1536) - Stuff. (r1537) (r1550)
- EMFILE in CSockets is handled by closing the socket. (r1544)
Special thanks to cnu and flakes!