Anonymous committed f65cc0d

Preparing a new stable release.

Files changed (5)

+Trac 0.9.6  (Jul 6, 2006)
+http://svn.edgewall.com/repos/trac/tags/trac-0.9.6
+
+ * Fixed reStructuredText breach of privacy and denial of service vulnerability
+   found by Felix Wiemann.
+ * trac-post-commit-hook fixes.
+ * Fixed bugs: #2894, #3058, #3209 #3325.
+	
 Trac 0.9.5  (Apr 18, 2006)
 http://svn.edgewall.com/repos/trac/tags/trac-0.9.5
 
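Review bot: the bug list in the new 0.9.6 entry reads `#3209 #3325` with no comma between the last two ticket numbers, unlike the rest of that line, and the added line right after it contains only a tab. Suggest `#2894, #3058, #3209, #3325.` and a truly empty separator line.
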
-Trac 0.9.5 Release Notes
-============================
-April 18, 2006
+Trac 0.9.6 Release Notes
+========================
+July 6, 2006
 
-We're proud to present our latest release - Trac 0.9.5.
+We're proud to present our latest release - Trac 0.9.6.
 
 Trac is an enhanced wiki and issue tracking system, integrated with
 Subversion, for software development projects. Trac uses a minimalistic
 
 What's New
 ----------
-A brief summary of major changes for version 0.9.5:
+A brief summary of major changes for version 0.9.6:
 
- * Fixed wiki macro XSS vulnerability.
- * Smaller memory usage when accessing subversion history.
- * Fixed issue with incorrectly generated urls when installed behind a web 
-   proxy.
+ * Fixed reStructuredText breach of privacy and denial of service vulnerability
+   found by Felix Wiemann.
+ * trac-post-commit-hook fixes.
 
 For a more complete list of improvements, see the ChangeLog at:
 
  <http://projects.edgewall.com/trac/wiki/ChangeLog>
 
 
+About the vulnerability
+-----------------------
+The discovered vulnerability requires docutils to be installed and enabled.
+Systems that do not have docutils installed or enabled are not vulnerable.
+As of this version version 0.3.9 or greater of docutils is required for
+using reStructuredText markup in Trac.
+
+
 Acknowledgements
 ----------------
 Many thanks to the growing number of people who have, and continue to,
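Review bot: the new "About the vulnerability" section has a doubled word with no punctuation ("As of this version version 0.3.9 ...") and does not tell users what behaviour changes. The same commit sets `file_insertion_enabled` and `raw_enabled` to 0 for reStructuredText rendering, so pages that relied on either feature will render differently after the upgrade. Suggest "As of this version, docutils 0.3.9 or greater is required ..." plus one sentence naming the two features that are now switched off.
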
 """
 __docformat__ = 'epytext en'
 
-__version__ = '0.9.6dev'
+__version__ = '0.9.6'
 __url__ = 'http://trac.edgewall.com/'
 __copyright__ = '(C) 2003-2006 Edgewall Software'
 __license__ = 'BSD'

trac/mimeview/rst.py

             from docutils import __version__
         except ImportError:
             raise TracError, 'Docutils not found'
-        if StrictVersion(__version__) < StrictVersion('0.3.3'):
+        if StrictVersion(__version__) < StrictVersion('0.3.9'):
             raise TracError, 'Docutils version >= %s required, %s found' \
-                             % ('0.3.3', __version__)
+                             % ('0.3.9', __version__)
 
         def trac_get_reference(rawtext, link, text):
             for (pattern, function) in LINKS:
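Review bot: the minimum version `'0.3.9'` is written twice, once in the `StrictVersion` comparison and once in the error message arguments, so the two can drift apart on the next bump. Suggest a single named constant used in both places, with a comment saying why 0.3.9 is the floor, since nothing in this hunk explains the jump from 0.3.3.
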
         _parser = rst.Parser(inliner=_inliner)
 
         html = publish_string(content, writer_name='html', parser=_parser,
-                              settings_overrides={'halt_level': 6})
+                              settings_overrides={'halt_level': 6,
+                                                  'file_insertion_enabled': 0,
+                                                  'raw_enabled': 0})
         return html[html.find('<body>') + 6:html.find('</body>')].strip()
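Review bot: the two new `settings_overrides` keys are the security fix, yet they carry no comment and no test is visible in this commit. Suggest a short comment above `publish_string` stating that file insertion and raw output are disabled because wiki content is untrusted, and a regression test that renders input using each feature and checks that neither the inserted file contents nor the raw markup appears in the returned HTML.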

wiki-default/WikiStart

-= Welcome to Trac 0.9.6dev =
+= Welcome to Trac 0.9.6 =
 
 Trac is a '''minimalistic''' approach to '''web-based''' management of
 '''software projects'''. Its goal is to simplify effective tracking and handling of software issues, enhancements and overall progress.