Enano 1.0.2 (Coblynau, pronounced "koblernigh") is primarily a bugfix release.
Security fixes:
- Fixed a minor SQL injection hole in the search indexing code. This was always caught by the SQL parser in our internal tests.
Added:
- Password strength algorithm and the ability to enforce strong passwords
- Rewrote the administration interface for users. It's more modular now, and it uses a smart-form class similar to what is used in Linkchomper.
Fixed:
- Bullet points in Oxygen getting corrupted (bad image path)
- A few major bugs with registration that were repeatedly fixed but got lost in Mercurial somewhere. The fix is now in our master repository so no worries anymore.
- <enano:no-opt> tags now work in script sections
- In a related note, client-side form validation during registration did not work due to the aggressive HTML optimization settings
- Textarea tags are now excluded from optimization
- Parser bug in RenderMan::parse_internal_links() was fixed; namespaces were not prepended
- The shortcut [[Project:PageName]] may now be used in place of the actual site name. This is to improve inter-Enano site compatibility.
- UTF-8 characters can be used in usernames
- Activation e-mails were signed by the Anonymous user
- Administration forms submitted after the "administrative options" button on a page were double-sanitized
- About Enano page linked to the GPLv3 (possibly misleading).
- Users that log in to an inactive account can log out and/or request administrative activation
- Ban page UI improved dramatically
