Changelog
php-htmlpurifier (4.3.0+dfsg1-1) unstable; urgency=low
* New upstream release; upstream WHATSNEW says:
│HTML Purifier 4.3.0 is a major security release addressing various
│security vulnerabilities related to user-submitted code and
│legitimate client-side scripts. It also contains an accumulation of
│new features and bugfixes over half a year. New configuration
│options include %CSS.Trusted, %CSS.AllowedFonts and
│%Cache.SerializerPermissions. There is a backwards-incompatible API
│change for customized raw definitions, see
│<http://htmlpurifier.org/docs/enduser-customize.html#optimized> for
│details.
* Document that %Cache.SerializerPath *MUST* be used, because the
upstream standard location cannot be written to in a packaged
version (being system-global) for security reasons. Also switch
%Cache.DefinitionImpl from "Serializer" to NULL to make the
standard installation, although with degraded performance, work
as-is. Document in README.Debian. (Closes: #611305)
* Solves TEMP-0000000-196897 security issue.
-- Ubuntu Archive Auto-Sync <email address hidden> Sat, 30 Apr 2011 13:31:07 +0000