Changeset 3377:ef36de22c133 for CHANGELOG

Timestamp:

11/01/16 15:16:47 (9 years ago)

Author:

franck <carnet.franck.paul@…>

Branch:

2.10

Message:

CHANGELOG of next 2.10.3 release

File:

CHANGELOG

-                      r3316
+                      r3377
+Dotclear 2.10.3 - 2016-11-01
+===========================================================
+* Security: Fix CVE-2016-7903: Password Reset Address Spoof — Thank's Hongkun Zeng for report
+* Security: Fix CVE-2016-7902: Media Manager, unrestricted File Upload — Thank's Hongkun Zeng for report
+* CSP: Cope with external sources used in editor's iframe to preview public external content
+* Fix: Cope with post.post_position field during flat import
+* Fix: Prevents precondition failed during currently activated theme update
+* Fix: Remove unecessary header (cope by dotclear) in page plugin
+* Fix: Let some proxies playing with standard http and https ports
+* Fix: Let SSL runs through a proxy, it may be ok, sometimes
+* 🐛 → Various bugs and typos fixed
 Dotclear 2.10.2 - 2016-08-17
 ===========================================================

Note: See TracChangeset for help on using the changeset viewer.