# $Id: CHANGES,v 1.24 2023/11/26 03:32:32 rlr Exp $

2023-11-26	Version 2.3	Changes since 2.2:

	- Fixed typos in comments and (one) preprocessor directive.
	  No functional change.

2023-10-31	Version 2.2	Changes since 2.1:

	- If runtime-debugging is enabled (in a DEBUG build), output includes
	  comments indicating the start and end of each template file.

	- Code improvements.

2021-10-10	Version 2.1	Changes since 2.0:

	- For RFC-compliance, ensure that no message-body is returned in
	  responses to HTTP requests that use method HEAD.

2021-09-03	Version 2.0	Changes since 1.9:

	- Changed RSS MIME type to "application/rss+xml".

2021-04-13	Version 1.9	Changes since 1.8:

	- To allow for IPv6 temporary (privacy) addresses, match on /64 when
	  checking authorisation cookie.

2021-01-28	Version 1.8	Changes since 1.7:

	- Corrected typo in checking for empty string.  (Was checking
	  address rather than character against NUL.)

	- Previously (even before fwobac), it has not been possible to edit
	  (arbitrarily) the contributor name in existing submissions/articles.
	  This is now possible.

2020-05-30	Version 1.7	Changes since 1.6:

	- Fixed two [potential] errors in parsing of configuration file.

	- Modified parsing of "If-Modified-Since" headers to accept a wider
	  variety of formats.  (This remains imperfect.)

	- Removed workarounds for problems in old versions of kcgi.

	- Changed to make use of new API functions in recent versions of kcgi.

2018-12-12	Version 1.6	Changes since 1.5:

	- Corrected processing of article subjects in generation of RSS
	  by introducing (new) template macro "SUBJECT_PLAIN_CREF", which
	  is replaced by the subject with HTML markup ["<...>"] stripped,
	  but character references ("&amp;" etc) preserved.

2018-06-28	Version 1.5	Changes since 1.4:

	- For rate-limited RSS requests (action=rss), changed to respond with
	  HTTP status code 429 rather than 503.

	- Changed RSS content-type to 'application/xml; charset="utf-8"'.

	- Reworked conversion of HTML to text to support UTF-8 in the output,
	  and UTF-8 and HTML character references (named and numeric) in
	  the input.

	- Added UTF-8 validity checks for request fields.  In addition, added
	  specific checks for NAME, SUBJECT, and CONTENT0 inputs.

	- Versions of kcgi prior to 0.10.6 contain a bug in kutil_urlencode()
	  [on platforms on which char is signed].  Added a workaround for this.

	- Changed the default MTA to /usr/sbin/sendmail, and made it possible
	  to override using compilation define MAIL_MTA.

2018-01-19	Version 1.4	Changes since 1.3:

	- For action "rss", changed the default number of article items to
	  match the number shown for action "front".

	- Added key "full" (Boolean) for action "rss" determining whether to
	  respond with initial part ["Read more..."] or complete article items
	  (for articles with "more" component).

2017-12-13	Version 1.3	Changes since 1.2:

	- Made actions "addr_block"/"addr_unblock" conditionally compiled
	  (FEATURE_ADDR_BLOCK).

	- Corrected bug in handling comment/URL in user preferences.

	- Corrected bug causing loss across edits of the time authored of an
	  submission/article.

	- Added actions "user_del", "user_info", and "user_mod"/"user_modpost".

	- Renamed actions "lock_acct"/"unlock_acct" to
	  "acct_lock"/"acct_unlock".

	- Renamed actions "block_addr"/"unblock_addr" to
	  "addr_block"/"addr_unblock".

	- If compiled with COMPAT_LEGACY_PW:
		- undefined/0
			- bcrypt format password hashes are used
		- defined/1
			- passwords are verified against existing hashes in
			  either legacy or bcrypt formats
			- new/updated passwords are stored as bcrypt hashes
		- defined to 2
			- legacy format password hashes are used

	- Added macro "SUBJECT_PLAIN" for SUBJECT stripped of markup.  This is
	  intended for use with things like HTML <title>.

2017-09-11	Version 1.2	Changes since 1.1:

	- Fixed a bug in saving the "time_authored:" field in content files.

	- Added simple theme support (when compiled with FEATURE_THEMES).

	- If compiled with COMPAT_BRAINDEAD_FB, fwobac deals with incorrectly
	  percent-encoded requests of the form
	    fwobac?action=article;sid=YYYYmmddHHMMSS...
	  (as generated by a prominent social networking platform).
	  by redirecting to the intended URL.

	- The "subject" fields of article and comment content are now
	  (consistently) in HTML format.  Template macro "SUBJECT_RAW"
	  has been added to allow display of the source HTML, in contrast
	  with SUBJECT which displays the (marked up) subject value.

	- If compiled with COMPAT_LEGACY_R (to support reading legacy content
	  files): for template macro "TIME_A_FMT:", fall back to "TIME_S_FMT:"
	  if an article has no "time_authored:" header, and to "TIME_E_FMT:"
	  in other cases.

	- Made comment/URL in user preferences optional, removed macro
	  "COMMENT" (by merging it into "HREF"), and removed key "comment"
	  (by merging it into "href").

	- Added template macro "ACTION".

	- Improved documentation (in README) of cache directory.

2017-08-22	Version 1.1	Changes since 1.0:

	- Corrected two errors in generation of URLs, one of which could
	  result in crashes.

2017-08-20	Version 1.0	Initial release