Kallithea 0.3.6 released

This release is a stable bugfix release, including fixes for security issues.

Changes since release 0.3.5:

  • database: drop constraint that started failing ith MariaDB 10.2 / MySQL 5.7 (issue #324)

  • hg: mitigate some privilege escalation problems that were fixed in Mercurial 4.5.1 (CVE-2018-1000132, see Mercurial release notes)

  • markdown: sanitize generated HTML to fix cross-site scripting (XSS) issue when repo front page shows README.md. See details. This issue was reported by Bob Hogg, thanks!