From 5ko at 5ko.fr Sun Jul 7 00:54:41 2024
From: 5ko at 5ko.fr (Petko Yotov)
Date: Sun, 07 Jul 2024 09:54:41 +0200
Subject: [pmwiki-announce] PmWiki 2.3.35 released
Message-ID: <351dce377137b44b78b1e31e80a3daa6@5ko.fr>

Hello.

PmWiki version 2.3.35 was published today, and is available at:

  https://www.pmwiki.org/pub/pmwiki/pmwiki-2.3.35.tgz
  https://www.pmwiki.org/pub/pmwiki/pmwiki-2.3.35.zip
  svn://www.pmwiki.org/pmwiki/tags/latest

This version updates links in the default sidebar to the HTTPS scheme, and places the links to PITS (issue tracking) and Mailing lists in a conditional for editors only. Minor improvements to PmSyntax. It is now possible to show the source text of a wiki page highlighted by opening Page?action=source&highlight=1. A minor bug with escaped strings in page titles was fixed, and the documentation was updated.

Version 2.3.35 for security reasons removes the upload types "svg", "svgz", "htm", "html", "css", "swf", "fla", "epub". In some cases, those file formats may allow scripting and potentially open XSS vulnerabilities. Existing uploads with these extensions will not be affected.

Wiki administrators who only allow trusted users to upload can re-enable the extensions that they require with the following lines in config.php:

NOTE: Only enable extensions that you require:

  # files with no extension, the type may be auto-detected by the server
  $UploadExts[''] = 'text/plain';

  # SVG images may contain scripting
  $UploadExts['svg'] = 'image/svg+xml';
  $UploadExts['svgz'] = 'image/svg+xml';

  # Epub may contain scripting and be opened by a browser extension
  $UploadExts['epub'] = 'application/epub+zip';

  # Flash files may contain scripting on older browsers
  # but are no longer supported by recent browsers
  $UploadExts['swf'] = 'application/x-shockwave-flash';
  $UploadExts['fla'] = 'application/vnd.adobe.fla';

  # HTML may contain scripting
  $UploadExts['html'] = $UploadExts['htm'] = 'text/html';

  # CSS, if loaded by a browser, may request external resources
  # and thus reveal your visitors to external websites
  $UploadExts['css'] = 'text/css';

Additionally, a few more upload extensions are considered for deprecation and removal from the core in early 2025. Please join the discussion: https://www.pmwiki.org/wiki/PITS/01509.

Thanks,
Petko

--
If you upgrade : https://www.pmwiki.org/Upgrades
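
Because existing uploads with the removed extensions are not affected by the upgrade, an administrator may want to inventory them. The following Python script is an added example, not part of the announcement or of PmWiki; it assumes the uploads directory is passed in by the caller (commonly `uploads/` with one sub-directory per wiki group), and the active-content patterns are a heuristic chosen here, not a sanitizer.

```python
import gzip
import re
import tempfile
import zlib
from pathlib import Path

# Upload types removed from the defaults in PmWiki 2.3.35 (list taken from the announcement).
REMOVED_EXTS = {"svg", "svgz", "htm", "html", "css", "swf", "fla", "epub"}
# Markup types that get a content check; patterns below are an assumption of this example.
MARKUP_EXTS = {"svg", "svgz", "htm", "html"}
ACTIVE = re.compile(rb"<script|\bon\w+\s*=|javascript:|<foreignObject", re.I)

def read_head(path, limit=1 << 20):
    """Return up to `limit` bytes of a file, gunzipping .svgz transparently."""
    opener = gzip.open if path.suffix.lower() == ".svgz" else open
    try:
        with opener(path, "rb") as fh:
            return fh.read(limit)
    except (OSError, EOFError, zlib.error):
        return b""  # unreadable or not valid gzip: still reported, content check skipped

def audit_uploads(upload_dir):
    """Return sorted (relative_path, ext, has_active_content) for legacy uploads."""
    root = Path(upload_dir)
    findings = []
    for path in root.rglob("*"):
        ext = path.suffix.lower().lstrip(".")
        if not path.is_file() or ext not in REMOVED_EXTS:
            continue
        active = ext in MARKUP_EXTS and bool(ACTIVE.search(read_head(path)))
        findings.append((path.relative_to(root).as_posix(), ext, active))
    return sorted(findings)

def demo():
    """Audit a constructed sample tree (file names and contents are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        group = Path(tmp) / "Main"
        group.mkdir()
        (group / "logo.svg").write_text('<svg xmlns="http://www.w3.org/2000/svg"><rect/></svg>')
        (group / "chart.svg").write_text('<svg onload="init()"></svg>')
        (group / "icon.svgz").write_bytes(gzip.compress(b"<svg><script>1</script></svg>"))
        (group / "notes.txt").write_text("plain text, still an allowed type")
        (group / "theme.css").write_text("body { color: #333 }")
        return audit_uploads(tmp)

if __name__ == "__main__":
    for rel, ext, active in demo():
        print(f"{rel}\t{ext}\t{'ACTIVE CONTENT' if active else 'review'}")
```

Files flagged with active content are candidates for removal or replacement; the remaining matches are legacy uploads of types that can no longer be uploaded by default.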