![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/doc/upgrading.txt b/doc/upgrading.txt
index b2f53d8d0f7248afec23e09d2d9fdda7d73c828e..8591021aa4efc90d4504f654d247a397204d18b0 100644 (file)
--- a/doc/upgrading.txt
+++ b/doc/upgrading.txt
"Create" permissions exist for all properties you want users to be able
to create.
+
Fixing some potential security holes
------------------------------------
+Enhanced checking was added to the user registration auditor. If you
+run a public tracker you should update your tracker's
+``detectors/userauditor.py`` using the new code from
+``share/roundup/templates/classic/detectors/userauditor.py``. In most
+cases you may just copy the file over, but if you've made changes to
+the auditor in your tracker then you'll need to manually integrate
+the new code.
+
Some HTML templates were found to have formatting security problems:
``html/page.html``::