[tokkee]

tokkee.org

Code

projects / roundup.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix security-problem: If user hasn't permission on a message (notably
[roundup.git] / CHANGES.txt
diff --git a/CHANGES.txt b/CHANGES.txt
index ecd1235256b6d6fb6ce10479b9988bf83d203883..ba91730e705af059a815a23a163583ce2cfdf78b 100644 (file)
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -16,6 +16,11 @@ Fixes:
   for reporting.
 - Fix some format errors in italian translation file
 - Some bugs issue classifiers were causing database lookup errors
+- Fix security-problem: If user hasn't permission on a message (notably
+  files and content properties) and is on the nosy list, the content was
+  sent via email. We now check that user has permission on the message
+  content and files properties. Thanks to Intevation for funding this
+  fix.
 
 
 2009-10-09 1.4.10 (r4374)
Roundup Issue Tracker (SVN clone)