Releases: timlegge/docker-foswiki
Release v1.31 - Foswiki 2.1.8
This release contains 61 fixes relative to 2.1.7, including 9 critical security related fixes.
Most notable are:
CVE-2023-33756: SpreadSheetPlugin's EVAL feature exposes information about paths and files on the server
CVE-2023-24698: Local file inclusion vulnerability in viewfile
But also:
directories in working directory are created as world writable 777 permissions
possible XSS attack in attachment comments
restricted allowed protocols to http and https, i.e. forbid file protocol for local file inclusion
prevent symlink attacks by defaulting to a secure location for temporary files
update to jquery-ui 1.13.2
backport patch to earlier jQuery versons to fix a potential XSS vulnerability
possible XSS vulnerability in topic title field
Reverse proxing Foswiki
Foswiki can now properly be run behind a reverse proxy reading a X-Forwarded-For http header. This resulted in mixed content before while rendering HTML.
Version 1.27 - Update the release with Latest openssl 3.0.8
Includes openssl 3.0.7 with fixes for :
CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows
No changes to the Dockerfile - just tagging the release to reflect the latest release to dockerhub.
The dockerhub v1.28 includes latest Alpine edge updates and any updated Foswiki plugins and extensions.
Remember that if you have a docker or podman volume for /var/www/foswiki you will only get the alpine updates. See https://blog.foswiki.org/Blog/UpdatingDockerFoswikiTo217 for upgrading an existing docker-foswiki to Foswiki 2.17. Extensions can be upgraded via the normal configure process.
Also of note is that docker-foswiki has been confirmed to work with podman
Version 1.27 - Update the release
No changes to the Dockerfile - just tagging the release to reflect the latest release to dockerhub.
The dockerhub v1.27 includes latest Alpine edge updates and any updated Foswiki plugins and extensions.
Remember that if you have a docker or podman volume for /var/www/foswiki you will only get the alpine updates. See https://blog.foswiki.org/Blog/UpdatingDockerFoswikiTo217 for upgrading an existing docker-foswiki to Foswiki 2.17. Extensions can be upgraded via the normal configure process.
Also of note is that docker-foswiki has been confirmed to work with podman
Version 1.20
Version 1.19
dbf4eba Add perl-webservice-slack-webapi and update CHANGES
Version 1.18
752c19a Move XSend Settings
00a9ab2 update CHANGES
db58507 Fix missing XSendFileContrib settings
e0164df Raised nginx upload size to 50M + reduced docker image layers number (so image size 560M -> 390M !)
This version requires the following changes in existing docker-foswiki installations
1. Installation of XSendFileContrib
2. Set $Foswiki::cfg{XSendFileContrib}{Header} = 'X-Accel-Redirect';
3. Set $Foswiki::cfg{XSendFileContrib}{Location} = '/files';
Version 1.17
Version 1.16
Changes:
6611a54 Add some Solr documentation
379c9bf Fixes #29 Add support for iwatch
c52b4d0 Added TOC, made using https://github.com/ekalinin/github-markdown-toc
Improved titles identation Added CapRover lines
7b59ae9 Fix type #30, DefaultUrlHost was set twice
75a8e4f Fix typo #30, DefaultUrlHost was set twice
b49f968 Revert "Fix typo #30, DefaultUrlHost was set twice"
39a9c26 Fix typo #30, DefaultUrlHost was set twice
83021e5 Mention perl-net-saml2 now official Alpine package
f8438c5 Add info around the scred up tags
Version 1.15
Fixes #28 missing dependency for Perl File::MMagic
Removes local version of perl-net-saml2 in favour of Alpine official package
The previous Version tags were foobared. This is what it should have been:
commit 77d8aa8 (tag: v1.14, origin/master, origin/HEAD)
commit 460b40d (tag: v1.13, tag: 1.13, https)