+v2.1.2
+ * Fix XSS in $flavour (CVE-2008-2236). Thanks to Yoshinori Ohta of
+ Business Architects Inc. for making us aware of this issue.
+
v2.1.1
+ * The "never trust a dot zero release" bugfix release for 2.1.0.
* Added CVS Id keyword to file header.
* Declaring $encode_xml_entities as a config option by moving it into
the config section -- no functionality change.
Blosxom manages to correctly determine the base URL, you can easily
set $url in the config file to the correct value and no base URL
magic happens anymore (except the removing of a trailing slash if
- present -- as before).
+ present -- as before). Closes: #2032685
* Added a lot of comments explaining the fixed problems and the
remaining seldom cases where manual configuration is necessary.