To create new wiki account, please join us on #znc at freenode and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.

Difference between revisions of "ChangeLog/1.7.1"

From ZNC
Jump to navigation Jump to search
m (minor grammatical changes)
 
(One intermediate revision by one other user not shown)
Line 5: Line 5:
 
-->
 
-->
  
<!-- Last update at 87fe01d3aa2ac46b1c871fae2af605a6b702413f -->
+
<!-- Last update at 9e4d89aaa4e2b6e5c79600b93665c1c0e0bb5255 -->
  
== New ==
+
== Security critical fixes ==
* Add partial Spanish, Indonesian, and Dutch translations {{GH|1527}} {{GH|1550}} {{GH|1572}}
+
* {{CVE|2018-14055}}: non-admin user could gain admin privileges and shell access by injecting values into <code>znc.conf</code>.
 +
* {{CVE|2018-14056}}: path traversal in HTTP handler via <code>../</code> in a web skin name.
  
 
== Core ==
 
== Core ==
Line 16: Line 17:
 
* Fix several broken strings
 
* Fix several broken strings
 
* Stop spamming users about debug mode. This feature was added in 1.7.0, now reverted. {{GH|1541}}
 
* Stop spamming users about debug mode. This feature was added in 1.7.0, now reverted. {{GH|1541}}
 +
 +
== New ==
 +
* Add partial Spanish, Indonesian, and Dutch translations {{GH|1527}} {{GH|1550}} {{GH|1572}}
  
 
== Modules ==
 
== Modules ==
Line 27: Line 31:
  
 
== Internal ==
 
== Internal ==
* Deprecate one of overloads of <code>CMessage::GetParams()</code>, rename it to <code>CMessage::GetParamsColon()</code>
+
* Deprecate one of the overloads of <code>CMessage::GetParams()</code>, rename it to <code>CMessage::GetParamsColon()</code>
 +
* Don't throw from destructor in the integration test
 +
* Fix a warning with integration test / gmake / znc-buildmod interaction.

Latest revision as of 21:30, 17 July 2018

← 1.7.0 ZNC 1.7.1 1.7.2 →



Security critical fixes[edit]

  • CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf.
  • CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name.

Core[edit]

  • Fix znc-buildmod to not hardcode the compiler used to build ZNC anymore in CMake build (#1536)
  • Fix language selector. Russian and German were both not selectable.
  • Fix build without SSL support (#1554)
  • Fix several broken strings
  • Stop spamming users about debug mode. This feature was added in 1.7.0, now reverted. (#1541)

New[edit]

  • Add partial Spanish, Indonesian, and Dutch translations (#1527) (#1550) (#1572)

Modules[edit]

  • adminlog: Log the error message again (regression of 1.7.0) (#1557)
  • admindebug: New module, which allows admins to turn on/off --debug in runtime (#1556)
  • flooddetach: Fix description of commands (#1548)
  • modperl: Fix memory leak in NV handling
  • modperl: Fix functions which return VCString (#1543)
  • modpython: Fix functions which return VCString (#1543)
  • webadmin: Fix fancy CTCP replies editor for Firefox. It was showing the plain version even when JS is enabled

Internal[edit]

  • Deprecate one of the overloads of CMessage::GetParams(), rename it to CMessage::GetParamsColon()
  • Don't throw from destructor in the integration test
  • Fix a warning with integration test / gmake / znc-buildmod interaction.