[pmwiki-announce] PmWiki 2.2.136 released

Petko Yotov 5ko at 5ko.fr
Fri Feb 26 06:10:02 PST 2021


Hello. PmWiki version 2.2.136 was published today, and is available at:

   https://www.pmwiki.org/pub/pmwiki/pmwiki-2.2.136.tgz
   https://www.pmwiki.org/pub/pmwiki/pmwiki-2.2.136.zip
    svn://www.pmwiki.org/pmwiki/tags/latest

This version fixes a XSS vulnerability for WikiStyles reported today by
Igor Sak-Sakovskiy.

The fix adds a second argument $keep to the core function PQA($attr,
$keep=true) which by default escapes HTML special characters and places
the values in Keep() containers. If you have custom functions that call
PQA() and expect the previous behavior, set the second argument to
false.

If you have any questions or difficulties, please let us know.

Thanks,
Petko
-- 
If you upgrade :  https://www.pmwiki.org/Upgrades



More information about the pmwiki-announce mailing list