[xiph-commits] r18370 - websites/icecast.org
dm8tbr at svn.xiph.org
dm8tbr at svn.xiph.org
Mon Jun 11 11:50:58 PDT 2012
Author: dm8tbr
Date: 2012-06-11 11:50:58 -0700 (Mon, 11 Jun 2012)
New Revision: 18370
Modified:
websites/icecast.org/news.php
Log:
Initial release notes for Icecast 2.3.3.
Modified: websites/icecast.org/news.php
===================================================================
--- websites/icecast.org/news.php 2012-06-11 17:33:12 UTC (rev 18369)
+++ websites/icecast.org/news.php 2012-06-11 18:50:58 UTC (rev 18370)
@@ -4,6 +4,69 @@
<img alt="" src="/images/corner_topleft.jpg" class="corner" style="display: none" />
</div>
<div class="newscontent">
+<h3>Icecast Release 2.3.3</h3>
+We are pleased to announce the next release of Icecast. A summary of the changes are listed below
+<br />
+<br />
+<p>Downloads:<br />
+<center>
+<table border=0>
+<tr><td>Source :</td><td><a href="http://downloads.xiph.org/releases/icecast/icecast-2.3.3.tar.gz">icecast-2.3.3.tar.gz</a></td></tr>
+<tr><td>Windows Setup :</td><td>Not yet available. Will be provided ASAP.<!--<a href="http://downloads.xiph.org/releases/icecast/icecast2_win32_2.3.3_setup.exe">icecast2_win32_2.3.3_setup.exe</a>--></td></tr>
+</table>
+</center>
+<p>
+<br />
+<ul>
+<li>Security
+We fixed 3 security issues.
+<ul>
+ <li>Improved HTTPS cipher handling and added support for chained certificates.
+ <li>Allow the source password to be undefined. There was a corner case, where a default password would have taken effect. It would require the admin to remove the 'source-password' from the icecast config to take effect. Default configs ship with the password set, so this vulnerability doesn't trigger there.
+ <li>Prevent error log injection of control characters by substituting non-alphanumeric characters with a '.' (CVE-2011-4612). Injection attempts can be identified via access.log, as that stores URL encoded requests. Investigation if further logging code needs to have sanitized output is ongoing.
+</ul><br />
+<li>Bugfixes
+This is mostly a bug-fix release to flush out the accumulated, mostly small, fixes.<br />
+<ul>
+ <li>On-demand relaying - Reject listeners while reconnecting. Fix stats for relays withoug mount section.
+ <li>Prevent too frequent YP updates.
+ <li>Only allow raw metadata updates from same IP as connected source (unless user is admin). This adresses broken client software that issues updates without being connected.
+ <li>Minor memory leaks
+ <li>XSPF file installation
+ <li>Fix case of global listeners count becoming out of sync.
+ <li>Setting an interval of 0 in mount should disable shoutcast metadata inserts.
+ <li>Default for non-Ogg content is now Latin-1 (aka ISO-8859-1). Ogg content still uses UTF-8.
+</ul><br />
+<li>Authentication
+<ul>
+ <li>Sources can now be authenticated via URL, like listeners.
+Post info is "action=stream_auth&mount=/stream&ip=IP&server=SERVER&port=8000&user=fred&pass=pass "
+As admin requests can come in for a stream (eg metadata update) these requests
+can be issued while stream is active. For these &admin=1 is added to the POST
+details.
+</ul><br />
+<li>XSL update
+<ul>
+ <li>Automatically generate VCLT playlist like we do with M3U, the mountpoint extension is .vclt
+</ul><br />
+<li>Documentation updates.
+</ul>
+<div class="poster">
+Posted June 11, 2012 by dm8tbr
+</div>
+</div>
+<div class="roundbottom">
+<img alt="" src="/images/corner_bottomleft.jpg" class="corner" style="display: none" />
+</div>
+</div>
+<br />
+<br />
+
+<div class="roundcont">
+<div class="roundtop">
+<img alt="" src="/images/corner_topleft.jpg" class="corner" style="display: none" />
+</div>
+<div class="newscontent">
<h3>Icecast Release 2.3.2</h3>
We are pleased to announce the next release of Icecast. A summary of the changes are listed below
<br />
More information about the commits
mailing list