Hi,

I added a sentence on older versions to the news, the new file is attached.
Please, proofread!
You may want to change the file name to have a different date, but
you can just drop the file into _posts directory and compile the website
with Jekyll, as it contains the necessary yaml header. All links should
automatically be updated, though it may be better to double-check the links
in homepage, news index and sitemap, especially when you use the older
Jekyll version.
Running "gem update jekyll" should work correctly, because there are so many
gems they should leave the option, no guarantees though as to how your distro
modified stuff to make it incompatible.

It might be useful if you copy the non-header part of the text to
https://sourceforge.net/p/freecol/news/ and use the same title,
at the same time you do the website upload.

When I played a recent version it was kinda annoying with the green cursor
switching to terrain often and not being able to see next unit or
turn end info on lower right. It also did not blink.
Otherwise it seemed playable (in the short time I tried it), now that the
not being able to return from Europe bug is nearly fixed (old savegames
with ship already in Europe stay broken).
So, putting out 0.12.0 may be a good choice, considering 0.11.6
also contains a number of bugs discovered and fixed meanwhile.

Greetings

wintertime

> Sent: Wednesday, 01 January 2020 at 06:26
> From: "Michael T. Pope" <mp...@computer.org>
> To: "FreeCol Developers" <freecol-developers@lists.sourceforge.net>
> Subject: Re: [Freecol-developers] FreeCol XXE Vulnerability
>
> On Tue, 31 Dec 2019 02:06:21 -0800
> David Lewis <highwayofl...@gmail.com> wrote:
> > I think we might be okay to start releasing RC versions of 0.12 right away,
> > since "0.x" implies beta, we don't need to necessarily support the 0.11
> > line, and thus don't need to worry about backporting fixes, so long as we
> > release an update that contains the fixes that folks can upgrade to.
>
> I have been working through the bug list and while there are indeed new
> annoying open issues, perhaps the CVE-fix is enough reason to just forge
> ahead.
>
> >[wintertime, regarding the news item]
> > Should it be mentioned that even older versions are affected and which?
>
> AFAICT the dodgy Java call has been in use since at least 0.10.0.  Ironically,
> there used to be a lot more of them!  I mentioned 0.11.6 explicitly because
> that is the only version we are really supporting at this point (i.e. if you report a
> bug in earlier FreeCol the first thing I want to know is if you have tried the
> current release).  However feel free to say something like "All supported
> FreeCol releases prior to 20191227" or thereabouts.
>
> > When should people upgrade?
>
> Well I always tell people who just want to play FreeCol to use the latest
> stable release, and I would continue to say that.  However that is just my
> opinion.  Do we even want to make an Official Recommendation?
>
> Cheers,
> Mike Pope

Attachment: 2019-12-31-freecol-xxe-vulnerability-fixed.md

_______________________________________________
Freecol-developers mailing list
Freecol-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freecol-developers
