more security update doc

author richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2>

Tue, 12 Jan 2010 05:28:51 +0000 (05:28 +0000)

committer richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2>

Tue, 12 Jan 2010 05:28:51 +0000 (05:28 +0000)
author richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2>
Tue, 12 Jan 2010 05:28:51 +0000 (05:28 +0000)
committer richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2>
Tue, 12 Jan 2010 05:28:51 +0000 (05:28 +0000)
diff --git a/doc/upgrading.txt b/doc/upgrading.txt

index b2f53d8d0f7248afec23e09d2d9fdda7d73c828e..8591021aa4efc90d4504f654d247a397204d18b0 100644 (file)
--- a/doc/upgrading.txt
+++ b/doc/upgrading.txt
@@ -22,9 +22,18 @@ permissions from the default distribution, you should check that
  "Create" permissions exist for all properties you want users to be able
  to create.
  
+
  Fixing some potential security holes
  ------------------------------------
  
+Enhanced checking was added to the user registration auditor. If you
+run a public tracker you should update your tracker's
+``detectors/userauditor.py`` using the new code from
+``share/roundup/templates/classic/detectors/userauditor.py``. In most
+cases you may just copy the file over, but if you've made changes to
+the auditor in your tracker then you'll need to manually integrate
+the new code.
+
  Some HTML templates were found to have formatting security problems:
  
  ``html/page.html``::
author	richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2>
	Tue, 12 Jan 2010 05:28:51 +0000 (05:28 +0000)
committer	richard <richard@57a73879-2fb5-44c3-a270-3262357dd7e2>
	Tue, 12 Jan 2010 05:28:51 +0000 (05:28 +0000)