To create new wiki account, please join us on #znc at Libera.Chat and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.

ChangeLog/1.7.1: Difference between revisions

From ZNC
Jump to navigation Jump to search
No edit summary
No edit summary
Line 5: Line 5:
-->
-->


<!-- Last update at 87fe01d3aa2ac46b1c871fae2af605a6b702413f -->
<!-- Last update at 9e4d89aaa4e2b6e5c79600b93665c1c0e0bb5255 -->


== New ==
== Security critical fixes ==
* Add partial Spanish, Indonesian, and Dutch translations {{GH|1527}} {{GH|1550}} {{GH|1572}}
* {{CVE|2018-14055}}: non-admin user could gain admin privileges and shell access by injecting values into <code>znc.conf</code>.
* {{CVE|2018-14056}}: path traversal in HTTP handler via <code>../</code> in a web skin name.


== Core ==
== Core ==
Line 16: Line 17:
* Fix several broken strings
* Fix several broken strings
* Stop spamming users about debug mode. This feature was added in 1.7.0, now reverted. {{GH|1541}}
* Stop spamming users about debug mode. This feature was added in 1.7.0, now reverted. {{GH|1541}}
== New ==
* Add partial Spanish, Indonesian, and Dutch translations {{GH|1527}} {{GH|1550}} {{GH|1572}}


== Modules ==
== Modules ==
Line 28: Line 32:
== Internal ==
== Internal ==
* Deprecate one of overloads of <code>CMessage::GetParams()</code>, rename it to <code>CMessage::GetParamsColon()</code>
* Deprecate one of overloads of <code>CMessage::GetParams()</code>, rename it to <code>CMessage::GetParamsColon()</code>
* Don't throw from destructor in the integration test
* Fix a warning in integration test / gmake / znc-buildmod interaction.

Revision as of 21:22, 17 July 2018

← 1.7.0 ZNC 1.7.1 1.7.2 →



Security critical fixes

  • CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf.
  • CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name.

Core

  • Fix znc-buildmod to not hardcode the compiler used to build ZNC anymore in CMake build (#1536)
  • Fix language selector. Russian and German were both not selectable.
  • Fix build without SSL support (#1554)
  • Fix several broken strings
  • Stop spamming users about debug mode. This feature was added in 1.7.0, now reverted. (#1541)

New

  • Add partial Spanish, Indonesian, and Dutch translations (#1527) (#1550) (#1572)

Modules

  • adminlog: Log the error message again (regression of 1.7.0) (#1557)
  • admindebug: New module, which allows admins to turn on/off --debug in runtime (#1556)
  • flooddetach: Fix description of commands (#1548)
  • modperl: Fix memory leak in NV handling
  • modperl: Fix functions which return VCString (#1543)
  • modpython: Fix functions which return VCString (#1543)
  • webadmin: Fix fancy CTCP replies editor for Firefox. It was showing the plain version even when JS is enabled

Internal

  • Deprecate one of overloads of CMessage::GetParams(), rename it to CMessage::GetParamsColon()
  • Don't throw from destructor in the integration test
  • Fix a warning in integration test / gmake / znc-buildmod interaction.