Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Changes In Branch mistake Excluding Merge-Ins
This is equivalent to a diff from d4caf785e3 to 5255854698
|
2025-10-01
| ||
| 05:33 | Attempt to preserve more of the randomness generated by MD5. check-in: f9d361804e user: andybradford tags: md5-color-hash | |
|
2025-09-30
| ||
| 10:59 | Change to the wrong branch. Closed-Leaf check-in: 5255854698 user: drh tags: mistake | |
| 05:17 | Use MD5 to generate the color hash as it's a random function. check-in: d4caf785e3 user: andybradford tags: md5-color-hash | |
|
2025-09-27
| ||
| 15:05 | Avoid an unnecessary mprintf(). check-in: bd4cec1240 user: danield tags: trunk | |
Changes to www/changes.wiki.
1 2 | <title>Change Log</title> | | | 1 2 3 4 5 6 7 8 9 10 |
<title>Change Log</title>
<h2 id='v2_27'>Changes for version 2.27 (2025-09-30)</h2><ol>
<li> Close a potential Denial-of-Service attack against any public-facing Fossil
server involving exponential behavior in Fossil's regexp implementation.
<li> Fix a SQL injection on the [/help?cmd=/file|/file page]. Thanks to
additional defenses built into Fossil, as well as good luck, this injection
is not exploitable for either data exfiltration or privilege escalation. The
only possible result of invoking the injection is a harmless SQL syntax error.
<li> Strengthen robot defenses to help prevent public-facing servers from being
|
| ︙ | ︙ |