aboutsummaryrefslogtreecommitdiffstats
path: root/NEWS
diff options
context:
space:
mode:
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS97
1 files changed, 97 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 66e309d..6cc597f 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,100 @@
+Debian's w3m 0.5.3+git20200502
+
+* bug fixes
+ - support ' entity
+ - prevent multiple User-Agent with -header
+ - fix -Wchar-subscripts
+* new features
+ - support setting user_agent in siteconf
+ - new command GOTO_HOME
+ - extend ssl_forbid_method for TLSv1.2 and TLSv1.3
+
+Debian's w3m 0.5.3+git20190105
+
+* bug fixes
+ - do not use deprecated features with OpenSSL 1.1
+ - fix dependency for Imlib2
+ - fix that the mark_all_pages option works
+ - respect the simple_preserve_space option for table cells
+ - fix error handling for ~/.w3m/request.log and localcgi_post()
+* new feature
+ - w3mman supports specifying a section number during a keyword search
+
+Debian's w3m 0.5.3+git20180125
+
+* bug fixes
+ - fix stack overflow with malformed text [CVE-2018-6196]
+ - fix null deref with malformed text [CVE-2018-6197]
+ - fix /tmp file races only when ~/.w3m is unwritable [CVE-2018-6198]
+ - do not remove w3mdict.cgi when "make distclean"
+ - do not turn a form's GET into POST
+ - correct <base ...> parsing
+ - accept TERM=fbterm
+* new feature
+ - extend ssl_forbid_method to disable TLSv1.1
+
+Debian's w3m 0.5.3+git20170102
+
+* bug fixes
+ - fix multiple flaws with malformed text
+ (buffer overflow, use after free, infinite loop)
+ - fix uninitialized variable when not USE_IMAGE
+
+Debian's w3m 0.5.3+git20161120
+
+* bug fixes
+ - fix multiple flaws with malformed text
+ (stack overflow, buffer overflow, null deref, out of memory)
+ [CVE-2016-9622], [CVE-2016-9623], [CVE-2016-9624], [CVE-2016-9625],
+ [CVE-2016-9626], [CVE-2016-9627], [CVE-2016-9628], [CVE-2016-9629],
+ [CVE-2016-9630], [CVE-2016-9631], [CVE-2016-9632], [CVE-2016-9633]
+ - fix stack overflow with nested table and textarea [CVE-2016-9439]
+ - fix suspend (^Z) behavior
+
+Debian's w3m 0.5.3+git20161031
+
+* new features
+ - support OSC 5379 remote imaging and sixel graphics
+ - support SGR style mouse handler
+ - support 32-bit color images
+ - support FreeBSD framebuffer
+ - support button element
+ - support meta charset
+ - include w3mdict.cgi to use a dictd dictionary query
+ - add extbrowser4..9
+ - add display_borders to display 0 pixel table borders
+ - add siteconf feature
+ - add German translation for options setting panel
+ - add translations for de, zh_CN and zh_TW
+* bug fixes
+ - fix multiple flaws with malformed text
+ [CVE-2016-9422], [CVE-2016-9423], [CVE-2016-9424], [CVE-2016-9425],
+ [CVE-2016-9426], [CVE-2016-9428], [CVE-2016-9429], [CVE-2016-9430],
+ [CVE-2016-9431], [CVE-2016-9432], [CVE-2016-9433], [CVE-2016-9434],
+ [CVE-2016-9435], [CVE-2016-9436], [CVE-2016-9437], [CVE-2016-9438],
+ [CVE-2016-9440], [CVE-2016-9441], [CVE-2016-9443], [CVE-2016-9621]
+ - fix potential heap buffer corruption due to Strgrow [CVE-2016-9442]
+ - disable SSLv2 and SSLv3 by default [CVE-2014-3566]
+ - set ssl_verify_server to 1 by default
+ - disable RC4, export ciphers, and keys < 128 bits
+ - use SSL_OP_NO_COMPRESSION due to "CRIME attack" [CVE-2012-4929]
+ - use SSL_MODE_RELEASE_BUFFERS
+ - disable USE_EGD for LibreSSL
+ - appease gcc -Werror=format-security
+ - option -s is now "squeeze multiple blank lines" to work as pager, and
+ -j and -e are obsolete, so use -O{s|j|e} to specify display charset
+ - accept single quoted meta refresh URL
+ - assume "text" if a form input type is unknown
+ - accept cookies by default
+ - set use_dictcommand to 1 by default
+ - set default_url to 1 by default
+ - set argv_is_url to 1 by default
+ - set alt_entity to 0 by default
+ - fix build problems with Boehm GC 7.2, imlib2 1.4.6 and glibc 2.14
+ - fix parallel make failure
+ - fix incorrect ucs_ambwidth_map
+ - and many fixes
+
w3m 0.5.3 - 2011-01-15
* security fix