From: richard Date: Tue, 12 Jan 2010 05:28:51 +0000 (+0000) Subject: more security update doc X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=e70a5c8c99d78792afa37b07ab3af3e42a126ce0;p=roundup.git more security update doc git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4426 57a73879-2fb5-44c3-a270-3262357dd7e2 --- diff --git a/doc/upgrading.txt b/doc/upgrading.txt index b2f53d8..8591021 100644 --- a/doc/upgrading.txt +++ b/doc/upgrading.txt @@ -22,9 +22,18 @@ permissions from the default distribution, you should check that "Create" permissions exist for all properties you want users to be able to create. + Fixing some potential security holes ------------------------------------ +Enhanced checking was added to the user registration auditor. If you +run a public tracker you should update your tracker's +``detectors/userauditor.py`` using the new code from +``share/roundup/templates/classic/detectors/userauditor.py``. In most +cases you may just copy the file over, but if you've made changes to +the auditor in your tracker then you'll need to manually integrate +the new code. + Some HTML templates were found to have formatting security problems: ``html/page.html``::