I'm proud to announce the release of the latest stable version of ht://Dig, version 3.1.5. Thanks to many people for bug reports, fixes, suggestions and other contributions. This version in particular fixes a nasty security hole in htsearch that is present in all previous versions, including 3.1.4 and 3.2.0b1. Because of this, it is *strongly* recommended that all users update to this version. Special thanks go to Gilles Detillieux for finding and fixing the bug. To download htdig-3.1.5, see <http://www.htdig.org/files/htdig-3.1.5.tar.gz> To download a patch from 3.1.4, see <http://www.htdig.org/files/htdig-3.1.4-3.1.5.diff.gz> For more details on the changes involved, you can also find the full ChangeLog at <http://www.htdig.org/ChangeLog> -Geoff Hutchison Williams Students Online http://wso.williams.edu/ Release notes for htdig-3.1.5 25 Feb 2000 This version cleans up some remaining bugs in the 3.1.4 release. As the latest stable release of ht://Dig, it is recommended for all production servers. * Fixed a nasty security hole in htsearch, which would allow users to view any file on your site that had read permission. * Fixed a bug that could cause problems with 8-bit characters on some systems. * Made some attempts to get htsearch's output to be more HTML 4.0 compliant. It quotes all HTML tag parameters, and uses ";" instead of "&" as parameter separator in URLs for next pages. Reserved characters in parameters are now encoded. * Fixed handling of SGML entities: htdig will still decode them to store as single characters in the database, but htsearch now encodes some of them back for compliant results. * Added two new formats for variables in htsearch templates, $%(var), which escapes the variable for a URL, and $&(var), which HTML-escapes the variable as necessary. * Fixed htdig's handling of robots.txt, such that only the first applicable User-agent field bearing its name will be used, rather than only the last. * Fixed htdig's handling of servers that return 2-digit years. * Fixed handling of embedded quotes in quoted string lists. * Fixed handling of relative URLs with trailing ".." or leading "//". * Fixed handling of the valid_extensions attribute, which sometimes failed in the previous version. * Enhanced the handling of local filesystem indexing with the local_urls, local_user_urls or local_default_doc attributes, which now allow multiple directory or file names to be tried. * Added the build_select_lists attribute to allow the config file to specify <select> form elements in htsearch output as a template variable, much like $(SORT) and $(METHOD). * Added support for two additional configuration attributes: max_keywords, and nph. * A variety of other bug fixes, and many documentation updates. See the ChangeLog for details. * Once again, thanks to everyone who reported bugs and bug fixes. ------------------------------------ To unsubscribe from the htdig3-dev mailing list, send a message to [EMAIL PROTECTED] You will receive a message to confirm this.
