I'm proud to announce the release of the latest stable version of
ht://Dig, version 3.1.5. Thanks to many people for bug reports,
fixes, suggestions and other contributions.
This version in particular fixes a nasty security hole in htsearch
that is present in all previous versions, including 3.1.4 and
3.2.0b1. Because of this, it is *strongly* recommended that all users
update to this version. Special thanks go to Gilles Detillieux for
finding and fixing the bug.
To download htdig-3.1.5, see <http://www.htdig.org/files/htdig-3.1.5.tar.gz>
To download a patch from 3.1.4, see
<http://www.htdig.org/files/htdig-3.1.4-3.1.5.diff.gz>
For more details on the changes involved, you can also find the full
ChangeLog at <http://www.htdig.org/ChangeLog>
-Geoff Hutchison
Williams Students Online
http://wso.williams.edu/
Release notes for htdig-3.1.5 25 Feb 2000
This version cleans up some remaining bugs in the 3.1.4 release. As
the latest stable release of ht://Dig, it is recommended for all
production servers.
* Fixed a nasty security hole in htsearch, which would allow
users to view any file on your site that had read permission.
* Fixed a bug that could cause problems with 8-bit characters on
some systems.
* Made some attempts to get htsearch's output to be more HTML 4.0
compliant. It quotes all HTML tag parameters, and uses ";"
instead of "&" as parameter separator in URLs for next
pages. Reserved characters in parameters are now encoded.
* Fixed handling of SGML entities: htdig will still decode
them to store as single characters in the database, but
htsearch now encodes some of them back for compliant results.
* Added two new formats for variables in htsearch templates,
$%(var), which escapes the variable for a URL, and $&(var),
which HTML-escapes the variable as necessary.
* Fixed htdig's handling of robots.txt, such that only the first
applicable User-agent field bearing its name will be used, rather
than only the last.
* Fixed htdig's handling of servers that return 2-digit years.
* Fixed handling of embedded quotes in quoted string lists.
* Fixed handling of relative URLs with trailing ".." or leading "//".
* Fixed handling of the valid_extensions attribute, which sometimes
failed in the previous version.
* Enhanced the handling of local filesystem indexing with the
local_urls, local_user_urls or local_default_doc attributes, which
now allow multiple directory or file names to be tried.
* Added the build_select_lists attribute to allow the config file to
specify <select> form elements in htsearch output as a template
variable, much like $(SORT) and $(METHOD).
* Added support for two additional configuration attributes:
max_keywords, and nph.
* A variety of other bug fixes, and many documentation updates.
See the ChangeLog for details.
* Once again, thanks to everyone who reported bugs and bug fixes.
------------------------------------
To unsubscribe from the htdig mailing list, send a message to
[EMAIL PROTECTED]
You will receive a message to confirm this.
