[htdig3-dev] [ANNOUNCE] Release of ht://Dig version 3.1.5


Subject: [htdig3-dev] [ANNOUNCE] Release of ht://Dig version 3.1.5
From: Geoff Hutchison (ghutchis@wso.williams.edu)
Date: Fri Feb 25 2000 - 11:32:15 PST


I'm proud to announce the release of the latest stable version of
ht://Dig, version 3.1.5. Thanks to many people for bug reports,
fixes, suggestions and other contributions.

This version in particular fixes a nasty security hole in htsearch
that is present in all previous versions, including 3.1.4 and
3.2.0b1. Because of this, it is *strongly* recommended that all users
update to this version. Special thanks go to Gilles Detillieux for
finding and fixing the bug.

To download htdig-3.1.5, see <http://www.htdig.org/files/htdig-3.1.5.tar.gz>
To download a patch from 3.1.4, see
<http://www.htdig.org/files/htdig-3.1.4-3.1.5.diff.gz>

For more details on the changes involved, you can also find the full
ChangeLog at <http://www.htdig.org/ChangeLog>

-Geoff Hutchison
Williams Students Online
http://wso.williams.edu/

     Release notes for htdig-3.1.5 25 Feb 2000
     This version cleans up some remaining bugs in the 3.1.4 release. As
     the latest stable release of ht://Dig, it is recommended for all
     production servers.
       * Fixed a nasty security hole in htsearch, which would allow
         users to view any file on your site that had read permission.
       * Fixed a bug that could cause problems with 8-bit characters on
         some systems.
       * Made some attempts to get htsearch's output to be more HTML 4.0
         compliant. It quotes all HTML tag parameters, and uses ";"
         instead of "&" as parameter separator in URLs for next
         pages. Reserved characters in parameters are now encoded.
       * Fixed handling of SGML entities: htdig will still decode
         them to store as single characters in the database, but
         htsearch now encodes some of them back for compliant results.
       * Added two new formats for variables in htsearch templates,
         $%(var), which escapes the variable for a URL, and $&(var),
         which HTML-escapes the variable as necessary.
       * Fixed htdig's handling of robots.txt, such that only the first
         applicable User-agent field bearing its name will be used, rather
         than only the last.
       * Fixed htdig's handling of servers that return 2-digit years.
       * Fixed handling of embedded quotes in quoted string lists.
       * Fixed handling of relative URLs with trailing ".." or leading "//".
       * Fixed handling of the valid_extensions attribute, which sometimes
         failed in the previous version.
       * Enhanced the handling of local filesystem indexing with the
         local_urls, local_user_urls or local_default_doc attributes, which
         now allow multiple directory or file names to be tried.
       * Added the build_select_lists attribute to allow the config file to
         specify <select> form elements in htsearch output as a template
         variable, much like $(SORT) and $(METHOD).
       * Added support for two additional configuration attributes:
         max_keywords, and nph.
       * A variety of other bug fixes, and many documentation updates.
         See the ChangeLog for details.
       * Once again, thanks to everyone who reported bugs and bug fixes.

------------------------------------
To unsubscribe from the htdig3-dev mailing list, send a message to
htdig3-dev-unsubscribe@htdig.org
You will receive a message to confirm this.



This archive was generated by hypermail 2b28 : Fri Feb 25 2000 - 11:44:16 PST