Changelog
spip (3.1.4-4) unstable; urgency=medium
* Update security screen to 1.3.6
* Backport security fixes from 3.1.7
- Do not disclose PHP version in headers
- Secure inserted URL in anchors
- Secure URLs sent by self()
- Escape charset in error message
- Allow filter mode to be passed in interdire_scripts()
- No onclick nor JS popup in footer
- Fix missing escapes
- Secure _T() and _L() arguments
- Provide a sanitize option for _T() and _L()
- Deactivate sanitization when calling _T() in affdate_debut_fin() that
uses secured data
- Cross-site scripting (XSS) vulnerability [CVE-2017-15736]
(Closes: #879954)
- [Privacy] add rel attribute (noopener noreferrer) in private footer
* Backport security fix from 3.1.8
- PHP injection via XML file
* Drop dead list from Maintainer (and Romain from Uploaders) (Closes: #899895)
* Move project repository to salsa.d.o
-- David Prévot <email address hidden> Sun, 10 Jun 2018 14:57:12 -1000