To create new wiki account, please join us on #znc at Libera.Chat and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.

ChangeLog/1.7.1

From ZNC
Jump to navigation Jump to search
← 1.7.0 ZNC 1.7.1 1.7.2 →



Security critical fixes

  • CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf.
  • CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name.

Core

  • Fix znc-buildmod to not hardcode the compiler used to build ZNC anymore in CMake build (#1536)
  • Fix language selector. Russian and German were both not selectable.
  • Fix build without SSL support (#1554)
  • Fix several broken strings
  • Stop spamming users about debug mode. This feature was added in 1.7.0, now reverted. (#1541)

New

  • Add partial Spanish, Indonesian, and Dutch translations (#1527) (#1550) (#1572)

Modules

  • adminlog: Log the error message again (regression of 1.7.0) (#1557)
  • admindebug: New module, which allows admins to turn on/off --debug in runtime (#1556)
  • flooddetach: Fix description of commands (#1548)
  • modperl: Fix memory leak in NV handling
  • modperl: Fix functions which return VCString (#1543)
  • modpython: Fix functions which return VCString (#1543)
  • webadmin: Fix fancy CTCP replies editor for Firefox. It was showing the plain version even when JS is enabled

Internal

  • Deprecate one of overloads of CMessage::GetParams(), rename it to CMessage::GetParamsColon()
  • Don't throw from destructor in the integration test
  • Fix a warning in integration test / gmake / znc-buildmod interaction.