summaryrefslogtreecommitdiff
path: root/CHANGES.md
diff options
context:
space:
mode:
authorSimonMichael <>2021-09-22 03:43:00 (GMT)
committerhdiff <hdiff@hdiff.luite.com>2021-09-22 03:43:00 (GMT)
commit7646d91a878d7f8a31af3c3d9238ef3ec67893bc (patch)
tree686a00ebf2f384070fa78017b31a505ed0bdfea3 /CHANGES.md
parenta6758ac148c80b561b12a2f17caa991c4ad74f29 (diff)
version 1.23HEAD1.23master
Diffstat (limited to 'CHANGES.md')
-rw-r--r--CHANGES.md34
1 files changed, 34 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 6662cd9..2d5764c 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -9,6 +9,40 @@ __ _____| |__
User-visible changes in hledger-web.
See also the hledger changelog.
+# 1.23 2021-09-21
+
+Improvements
+
+- Drop the obsolete hidden `--binary-filename` flag.
+
+- Require base >=4.11, preventing red squares on Hackage's build matrix.
+
+Fixes
+
+- Toggle showing zero items properly even when called with --empty.
+ ([#1237](https://github.com/simonmichael/hledger/issues/1237), Stephen Morgan)
+
+- Do not hide empty accounts if they have non-empty subaccounts.
+ ([#1237](https://github.com/simonmichael/hledger/issues/1237), Stephen Morgan)
+
+- Allow unbalanced postings (parenthesised account name) in the add transaction form.
+ ([#1058](https://github.com/simonmichael/hledger/issues/1058), Stephen Morgan)
+
+- An XSS (cross-site scripting) vulnerability has been fixed.
+ Previously (since hledger-web 0.24), javascript code could be added
+ to any autocompleteable field and could be executed automatically
+ by subsequent visitors viewing the journal.
+ Thanks to Gaspard Baye and Hamidullah Muslih for reporting this vulnerability.
+ ([#1525](https://github.com/simonmichael/hledger/issues/1525), Arsen Arsenović)
+
+API changes
+
+- Renamed:
+ ```
+ version -> packageversion
+ versiondescription -> versionStringFor
+ ```
+
# 1.22.2 2021-08-07
- Use hledger 1.22.2.