This is where announcements of new releases, features, and other news are posted. IkiWikiUsers are recommended to subscribe to this page's RSS feed.

RSS Add a new post titled:

ikiwiki 3.20170111 released with these changes

  • passwordauth: prevent authentication bypass via multiple name parameters (CVE-2017-0356, OVE-20170111-0001)
  • passwordauth: avoid userinfo forgery via repeated email parameter (also in the scope of CVE-2017-0356)
  • CGI, attachment, passwordauth: harden against repeated parameters (not believed to have been a vulnerability)
  • remove: make it clearer that repeated page parameter is OK here
  • t/passwordauth.t: new automated test for passwordauth
Posted Wed 11 Jan 2017 15:00:48 JEST

ikiwiki 3.20170110 released with these changes

  • [ Amitai Schleier ]
    • wrappers: Correctly escape quotes in git_wrapper_background_command
  • [ Simon McVittie ]
    • git: use an explicit function parameter for the directory to work in. Previously, we used global state that was not restored correctly on catching exceptions, causing an unintended log message "cannot chdir to .../ikiwiki-temp-working: No such file or directory" with versions >= 3.20161229 when an attempt to revert a change fails or is disallowed
    • git: don't run "git rev-list ... -- -- ..." which would select the wrong commits if a file named literally "--" is present in the repository
    • check_canchange: log "bad file name whatever", not literal string "bad file name %s"
    • t/git-cgi.t: fix a race condition that made the test fail intermittently
    • t/git-cgi.t: be more careful to provide a syntactically valid author/committer name and email, hopefully fixing this test on
    • templates, comments, passwordauth: use rel=nofollow microformat for dynamic URLs
    • templates: use rel=nofollow microformat for comment authors
    • news: use Debian security tracker instead of MITRE for security references. Thanks, anarcat
    • Set package format to 3.0 (native)
    • d/copyright: re-order to put more specific stanzas later, to get the intended interpretation
    • d/source/lintian-overrides: override obsolete-url-in-packaging for OpenID Selector, which does not seem to have any more current URL (and in any case our version is a fork)
    • docwiki.setup: exclude TourBusStop from offline documentation. It does not make much sense there.
    • d/ikiwiki.lintian-overrides: override script-not-executable warnings
    • d/ikiwiki.lintian-overrides: silence false positive spelling warning for Moin Moin
    • d/ikiwiki.doc-base: register the documentation with doc-base
    • d/control: set libmagickcore-6.q16-3-extra as preferred build-dependency, with virtual package libmagickcore-extra as an alternative, to help autopkgtest to do the right thing
Posted Tue 10 Jan 2017 09:57:31 JEST

ikiwiki 3.20161229.1 released with these changes

  • git: Attribute reverts to the user doing the revert, not the wiki itself.
  • git: Do not disable the commit hook while preparing a revert.
Posted Thu 29 Dec 2016 17:34:17 JEST

ikiwiki 3.20161229 released with these changes

  • Security: force CGI::FormBuilder->field to scalar context where necessary, avoiding unintended function argument injection analogous to CVE-2014-1572. In ikiwiki this could be used to forge commit metadata, but thankfully nothing more serious. (CVE-2016-9646)
  • Security: try revert operations in a temporary working tree before approving them. Previously, automatic rename detection could result in a revert writing outside the wiki srcdir or altering a file that the reverting user should not be able to alter, an authorization bypass. (CVE-2016-10026 represents the original vulnerability.) The incomplete fix released in 3.20161219 was not effective for git versions prior to 2.8.0rc0. (CVE-2016-9645 represents that incomplete solution.)
  • Add CVE references for CVE-2016-10026
  • Add automated test for using the CGI with git, including CVE-2016-10026
    • Build-depend on libipc-run-perl for better build-time test coverage
  • Add missing ikiwiki.setup for the manual test for CVE-2016-10026
  • git: don't issue a warning if the rcsinfo CGI parameter is undefined
  • git: do not fail to commit changes with a recent git version and an anonymous committer
Posted Thu 29 Dec 2016 16:05:02 JEST

ikiwiki 3.20161219 released with these changes

  • [ Joey Hess ]
    • inline: Prevent creating a file named ".mdwn" when the postform is submitted with an empty title.
  • [ Simon McVittie ]
    • Security: tell git revert not to follow renames. If it does, then renaming a file can result in a revert writing outside the wiki srcdir or altering a file that the reverting user should not be able to alter, an authorization bypass. Thanks, intrigeri. (CVE-2016-10026)
    • cgitemplate: remove some dead code. Thanks, blipvert
    • Restrict CSS matches against header class to not break Pandoc tables with header rows. Thanks, karsk
    • Make pagestats output more deterministic. Thanks, intrigeri
Posted Mon 19 Dec 2016 17:25:03 JEST

ikiwiki-hosting is an interface on top of Ikiwiki to allow easy management of lots of ikiwiki sites. I developed it for Branchable, an Ikiwiki hosting provider. It has a powerful, scriptable command-line interface, and also includes special-purpose ikiwiki plugins for things like a user control panel.

To get a feel for it, here are some examples:

ikisite create --admin
ikisite branch
ikisite backup --stdout | ssh otherhost 'ikisite restore --stdin'

ikiwiki-hosting is free software, released under the AGPL. Its website: --Joey

Posted Thu 05 Aug 2010 17:44:47 JEST

The domain has been moved to a new server. If you can see this, your DNS has already caught up and you are using the new server. By the way, the new server should be somewhat faster. --Joey

Posted Sat 12 Dec 2009 16:19:42 JEST

Ikiwiki has reached version 3.0 and entered a new phase in its development cycle.

The 3.0 release of ikiwiki changes several defaults and finishes some transitions. You will need to modify your wikis to work with ikiwiki 3.0. A document explaining the process is available in upgrade to 3.0.

The highlights of the changes in version 3.0 include:

Thanks to the many contributors to ikiwiki 3.0, including:

Jelmer Vernooij, Recai Oktaş, William Uther, Simon McVittie, Axel Beckert, Bernd Zeimetz, Gabriel McManus, Paweł Tęcza, Peter Simons, Manoj Srivastava, Patrick Winnertz, Jeremie Koenig, Josh Triplett, thm, Michael Gold, Jason Blevins, Alexandre Dupas, Henrik Brix Andersen, Thomas Keller, Enrico Zini, intrigeri, Scott Bronson, Brian May, Adeodato Simó, Brian Downing, Nis Martensen. (And anyone I missed.)

Also, thanks to the users, bug submitters, and documentation wiki editors. Without you, ikiwiki would just be a little thing I use for my home page.


Posted Wed 31 Dec 2008 16:30:41 JEST

Now you can use git to clone this wiki, and push your changes back, thanks to ikiwiki's new support for untrusted git push. Enjoy working on the wiki while offline! --Joey

Posted Fri 24 Oct 2008 16:08:36 JEST

I've produced a code_swarm visualization of the first 2+ years of ikiwiki's commit history.


PS, while I'm posting links to videos, here's a video of a lightning talk about ikiwiki.



Interesting things to watch for:

  • Initial development of ikiwiki to the point it was getting web edits. (First 2 seconds of video!)
  • Introduction to plugin support, and later, plugin changes dominating code changes.
  • Introduction of openid support and the resulting swarm of openid commenters.
  • Switch to git, my name in the logs changes from "joey" to "Joey Hess", and there are more code commits directly from others.

Getting the commit log was tricky because every web commit is in there too, so it has to deal with things like IPs and openids. The code swarm script will munge the log to handle these, and it was configured with code swarm.config.

Video editing by kino, ffmpeg, ffmpeg2theora, and too many hours of pain.

Audio by the Punch Brothers.

Posted Fri 11 Jul 2008 09:58:19 JEST

I was asked a good question today: How can a company find someone to work on ikiwiki? To help answer this question, I've set up a consultants page. If you might be interested in being paid to work on ikiwiki, please add your information to the page. --Joey

And here's the first company looking for an ikiwiki developer that I am aware of:

The TOVA Company, a small medical software and hardware company in Portland, Oregon, is looking for developers to add functionality to ikiwiki. We're looking for developers who are already familiar with ikiwiki development, including plugins, and who would be willing to work on a part-time, non-employee, project-based basis for each of the small features that we want. The features we're interested in would obviously be GPL'd, and released to the community (if they'll have them :) ). Please contact Andrew Greenberg (andrew@thetovacompany) if you're interested. Thanks!

Posted Thu 12 Jun 2008 16:34:18 JEST

I've gone ahead and moved to the faster box mentioned on server speed. Most poll respondants felt the old box was fast enough, but it's getting a bit overloaded with other stuff.

If you can see this, you're seeing the new server. If not, your DNS server hasn't caught up yet. I'll keep the old server up for a while too and merge any changes across since git makes that bog-easy.

Please report any problems..

Posted Wed 19 Mar 2008 23:07:13 JEST has upgraded to the not yet released ikiwiki 2.30. This version of ikiwiki drops support for subscribing to commit mail notifications for pages. The idea is that you can subscribe to the new RecentChanges feed instead. (Or create your own custom feed of only the changes you're interested in, and subscribe to that.)

So if you were subscribed to mail notifications on here, you'll need to change how you keep track of changes. Please let me know if there are any missing features in the RecentChanges feeds.

Statically building the RecentChanges also has performance implications, I'll keep an eye on server speed..


Posted Tue 29 Jan 2008 19:48:01 JEST

I've put together a short screencast that covers approximatly the first half of the setup document, and includes a demo of setting up a blog using ikiwiki.

.. And now I've added a second screencast. Note that this uses a script that is only available in the as yet unreleased ikiwiki version 2.15.


Posted Mon 26 Nov 2007 20:14:22 JEST

I've started using git as ikiwiki's main repository. See download for repository locations.

Note that all the sha1sums have changed from those in previously published git repositories. Blame git-svnimport.

I hope that this will make it easier to maintain and submit patches for ikiwiki.


Posted Wed 24 Oct 2007 22:21:06 JEST

Ikiwiki has reached version 2.0 and entered a new phase in its development cycle.

With the 2.0 release of ikiwiki, some major changes have been made to the default configuration:

  • The usedirs setting is enabled by default. This will break all URLs to wikis that did not have usedirs turned on before, unless you follow the procedure described at switching to usedirs or edit your setup file to turn usedirs off: usedirs => 0,
  • OpenID logins are now enabled by default, if the Net::OpenID::Consumer perl module is available. Password logins are also still enabled by default. If you like, you can turn either OpenID or password logins off via the disable_plugins setting.

An overview of changes in the year since the 1.0 release:

  • New improved URLs to pages via usedirs.
  • OpenID support, enabled by default.
  • Plugin interface added, with some 60 plugins available, greatly expanding the capabilities of ikiwiki.
  • Tags, atom feeds, and generally full-fledged blogging support.
  • Fully working utf8.
  • Optimisations, approximately 3.5 times as fast as version 1.0.
  • Improved scalability to large numbers of pages.
  • Improved scalable logo.
  • Support for additional revision control systems besides svn: git, tla, mercurial.
  • Some support for other markup languages than markdown: rst, textile.
  • Unit test suite, with more than 300 tests.
Posted Mon 30 Apr 2007 00:51:57 JEST

Integrated issue tracking with Ikiwiki by Joey Hess is now available on (LinuxWorld's author contract also allows this article to become part of the project's documentation.) Learn how to use Ikiwiki inlining and PageSpecs for lightweight workflow. Joey also explains how having the BTS and docs in the project's revision control system can help users of distributed revision control systems keep bug tracking info in sync with code changes.

Posted Fri 06 Apr 2007 17:29:16 JEST

Google has accepted ikiwiki as a mentoring organization for Summer of Code 2007.

See our Summer of Code page for projects.


Posted Thu 15 Mar 2007 06:55:18 JEST

Quick poll: Do you feel that ikiwiki is fast enough on this server, or should I move it to my much beefier auxiliary server?

It's fast enough (80%)

It's too slow! (12%)

No opinion (8%)

Total votes: 50

If you have specifics on performance issues, you might mention them on the discussion page.

Ikiwiki is now hosted at Branchable.

Posted Tue 20 Feb 2007 06:40:02 JEST

Ikiwiki now has an IRC channel: #ikiwiki on

The channel features live commit messages for CIA for changes to both ikiwiki's code and this wiki. Plus occasional talk about ikiwiki.

Thanks to JoshTriplett for making this happen.

Posted Tue 20 Feb 2007 06:11:01 JEST

Ikiwiki has its own domain now, Update your links.

Posted Sun 18 Feb 2007 16:24:26 JEST

After looking up and noticing that another 8 hours had passed, replying to people and hacking, I've added a TipJar page, in case anyone feels like tossing me a few bucks for ikiwiki. TIA! --Joey

Posted Fri 29 Dec 2006 03:05:57 JEST

Ikiwiki in svn now has support for using OpenID, a decentralized authentication mechanism that allows you to have one login that you can use on a growing number of websites.

Traditional password-based logins are still supported, but I'm considering switching at least over to using only OpenID logins. That would mean blowing away all the currently registered users and their preferences. If you're active on this wiki, I suggest you log out and log back in, try out the OpenID signup process if you don't already have an OpenID, and see how OpenID works for you. And let me know your feelings about making such a switch. --Joey

Accept only OpenID for logins (51%)

Accept only password logins (14%)

Accept both (33%)

Total votes: 149
Posted Mon 20 Nov 2006 17:08:23 JEST

Some people may consider ikiwiki's default look to be a bit plain. Someone on slashdot even suggested perhaps it uses html 1.0. (Yes, an ikiwiki site has survived its first slashdotting. With static html, that's not very hard..) While the default style is indeed plain, there's more fine-tuning going on than you might think, and it's actually all done with xhtml and style sheets.

Stefano Zacchiroli came up with the idea of adding a css market page where IkiWikiUsers can share style sheets that you've come up with for ikiwiki. This is a great idea and I encourage those of you who have customised stylesheets to post them.

I'm also always looking for minimalistic yet refined additions to the default style sheet, and always appreciate suggestions for it.


Posted Fri 22 Sep 2006 20:12:21 JEST

By the way, some other pages with RSS feeds about ikiwiki include plugins, TODO and bugs.