File: changelog

package info (click to toggle)
php-htmlpurifier 4.7.0-2
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 2,316 kB
  • ctags: 3,803
  • sloc: php: 16,334; xml: 430; makefile: 9; sh: 7
file content (164 lines) | stat: -rw-r--r-- 7,067 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
 
php-htmlpurifier (4.7.0-2) unstable; urgency=medium

  * Team upload
  * Revert "Move symlink to directory", not needed anymore
  * Update Standards-Version to 3.9.7
  * Use dpkg-statoverride to fix permissions
  * Rebuild with recent pkg-php-tools for the PHP 7.0 transition

 -- David Prévot <taffit@debian.org>  Sun, 20 Mar 2016 13:05:58 -0400

php-htmlpurifier (4.7.0-1) unstable; urgency=medium

  * Team upload

  [ Edward Z. Yang ]
  * Update YouTube embed code to new style, fixes #28
  * Add AutoFormat.RemoveEmpty.Predicate, fixes #35.
  * Fix rgb in border attribute with spaces, fixes #30.
  * Release 4.7.0.

 -- David Prévot <taffit@debian.org>  Tue, 27 Oct 2015 12:49:10 -0400

php-htmlpurifier (4.6.0-1) unstable; urgency=medium

  * Team upload
  * New upstream release, fixes security flaws (Closes: #764885)
  * Restart packaging within the Debian PHP PEAR Maintainers team
  * Move symlink to directory
  * Use a default writable directory in /var/lib
  * Convert copyright to format 1.0

 -- David Prévot <taffit@debian.org>  Fri, 17 Oct 2014 18:09:34 -0400

php-htmlpurifier (4.4.0+dfsg1-2) unstable; urgency=low

  [ Martin von Wittich ]
  * Fix undefined array index deref (Closes: #736835)

  [ Thorsten Glaser ]
  * Remove myself from Uploaders

 -- Thorsten Glaser <tg@mirbsd.de>  Tue, 11 Feb 2014 21:59:25 +0100

php-htmlpurifier (4.4.0+dfsg1-1) unstable; urgency=low

  * New upstream release; upstream WHATSNEW says:
    │HTML Purifier 4.4.0 is a minor security release addressing a
    │security vulnerability associated with some optional functionality.
    │It also contains an accumulation of new features and bugfixes over
    │half a year. New configuration options include %HTML.TargetBlank,
    │%HTML.AllowedComments, %HTML.AllowedCommentsRegexp,
    │%HTML.SafeIframe, %URI.SafeIframeRegexp, %Core.EnableIDNA (requires
    │PEAR Net_IDNA2 module and doesn't work for PHP 5.0.5). We also now
    │support the 'scope' attribute on tables.
  * Switch to debian/source/format 3.0 (quilt) with
    the single-debian-patch local-option
  * Omit .git* files when repacking any further .orig.tar.gz
  * Use a paxcpio (from the pax package) feature to shrink .orig.tar.gz
  * debian/rules: Modernise; add build-{arch,indep} targets
  * debian/control: Add VCS-{git,Browser}, Policy 3.9.3 (no changes)

 -- Thorsten Glaser <tg@mirbsd.de>  Fri, 30 Mar 2012 11:42:47 +0200

php-htmlpurifier (4.3.0+dfsg1-1) unstable; urgency=low

  * New upstream release; upstream WHATSNEW says:
    │HTML Purifier 4.3.0 is a major security release addressing various
    │security vulnerabilities related to user-submitted code and
    │legitimate client-side scripts. It also contains an accumulation of
    │new features and bugfixes over half a year. New configuration
    │options include %CSS.Trusted, %CSS.AllowedFonts and
    │%Cache.SerializerPermissions. There is a backwards-incompatible API
    │change for customized raw definitions, see
    │<http://htmlpurifier.org/docs/enduser-customize.html#optimized> for
    │details.
  * Document that %Cache.SerializerPath *MUST* be used, because the
    upstream standard location cannot be written to in a packaged
    version (being system-global) for security reasons. Also switch
    %Cache.DefinitionImpl from "Serializer" to NULL to make the
    standard installation, although with degraded performance, work
    as-is. Document in README.Debian. (Closes: #611305)
  * Solves TEMP-0000000-196897 security issue.

 -- Thorsten Glaser <tg@mirbsd.de>  Sat, 02 Apr 2011 16:55:15 +0000

php-htmlpurifier (4.2.0+dfsg1-1) unstable; urgency=low

  * New upstream release; upstream WHATSNEW says:
    │HTML Purifier 4.2.0 is a minor release that implements a number of
    │feature requests accumulated over half a year.  New configuration
    │options include %Core.RemoveProcessingInstructions,
    │%CSS.ForbiddenProperties, %HTML.FlashAllowFullScreen and
    │%Core.NormalizeNewlines.  Additionally,%URI.DisableResources is
    │now functional and file: is an optionally supported URI scheme.
    │There are also some minor bugfixes, usability improvements and
    │documentation updates.
  * Install NEWS as upstream changelog, as it’s its intentional use
  * Policy 3.9.1 (no relevant changes)

 -- Thorsten Glaser <tg@mirbsd.de>  Wed, 13 Oct 2010 13:40:21 +0000

php-htmlpurifier (4.1.1+dfsg1-1) unstable; urgency=high

  * New upstream release; upstream WHATSNEW says:
    | HTML Purifier 4.1.1 is a major security and bugfix release that
    | improves on 4.1's fix for an XSS vulnerability exploitable on Internet
    | Explorer.  It also contains a number of important bugfixes, including
    | the removal of improper logic that could result in infinite loops and
    | fixed parsing for single-attributes with entities with DirectLex.
  * Set urgency=high due to second attempt at XSS bugfix, no CVE number
    (SA39613) (Closes: #586061) (LP: #582576)
  * /usr/share/php-htmlpurifier/tests/index.php no longer has a shebang,
    so do not chmod +x it

 -- Thorsten Glaser <tg@mirbsd.de>  Thu, 17 Jun 2010 14:45:26 +0000

php-htmlpurifier (4.1.0+dfsg1-1) unstable; urgency=high

  * New upstream release; upstream WHATSNEW says:
    | HTML Purifier 4.1 is a major security release that fixes an XSS
    | vulnerability exploitable on Internet Explorer.  It also contains
    | a number of new features, including dramatically more flexible Flash
    | support, including %Output.FlashCompat to replace %HTML.SafeEmbed,
    | optional support for the data: URI scheme and better HTML parsing
    | capabilities.
    Setting urgency=high due to XSS bugfix.
  * debian/rules (get-orig-source): support uscan downloaded files

 -- Thorsten Glaser <tg@mirbsd.de>  Thu, 29 Apr 2010 09:10:27 +0000

php-htmlpurifier (4.0.0+dfsg1-1) unstable; urgency=low

  * Take original upstream tarball, removing non-DFSG-free XHTML
    schema and entities and other unlicenced material, instead
    of what dh-make-pear produces.
  * Completely re-do the packaging to avoid all that php-pear
    brings with it, including “channels”. (Closes: #572184)
  * Add myself and Roland Mas as Uploader due to request for help
    of the maintainer.
  * Install both library and documentation.

 -- Thorsten Glaser <tg@mirbsd.de>  Tue, 16 Mar 2010 14:04:20 +0000

php-htmlpurifier (4.0.0-2) unstable; urgency=low

  * Add htmlpurifier.org.reg channel so build in a debootstrap env
  works (Closes: #551243)
  * Rewiewed autoformated description (Closes: #531019)
  This time closes the right bug

 -- Christian Bayle <bayle@debian.org>  Tue, 03 Nov 2009 13:25:53 +0100

php-htmlpurifier (4.0.0-1) unstable; urgency=low

  * New Upstream Version (Closes: #549343).
  * Rewiewed autoformated description (Closes: #534019)

 -- Christian Bayle <bayle@debian.org>  Mon, 12 Oct 2009 21:02:41 +0200

php-htmlpurifier (3.3.0-1) unstable; urgency=low

  * Initial Release (Closes: #462150).

 -- Christian Bayle <bayle@debian.org>  Tue, 12 May 2009 22:28:14 +0200