Mercurial > p > roundup > code
comparison CHANGES.txt @ 4308:b30bdfae4461
Fix security hole allowing user permission escalation
(thanks Ralf Schlatterbeck)
also update docs and prepare for a release
| author | Richard Jones <richard@users.sourceforge.net> |
|---|---|
| date | Sun, 20 Dec 2009 23:24:21 +0000 |
| parents | 82f7f8708e1b |
| children | 4ce71b5480a8 |
comparison
equal
deleted
inserted
replaced
| 4307:82f7f8708e1b | 4308:b30bdfae4461 |
|---|---|
| 5 | 5 |
| 6 Features: | 6 Features: |
| 7 - Generic class editor may now restore retired items (thanks Ralf Hemmecke) | 7 - Generic class editor may now restore retired items (thanks Ralf Hemmecke) |
| 8 | 8 |
| 9 Fixes: | 9 Fixes: |
| 10 - Fix security hole allowing user permission escalation (thanks Ralf | |
| 11 Schlatterbeck) | |
| 10 - More SSL fixes. SSL wants the underlying socket non-blocking. So we | 12 - More SSL fixes. SSL wants the underlying socket non-blocking. So we |
| 11 don't call socket.setdefaulttimeout in case of SSL. This apparently | 13 don't call socket.setdefaulttimeout in case of SSL. This apparently |
| 12 never raises a WantReadError from SSL. | 14 never raises a WantReadError from SSL. |
| 13 This also fixes a case where a WantReadError is raised and apparently | 15 This also fixes a case where a WantReadError is raised and apparently |
| 14 the bytes already read are dropped (seems the WantReadError is really | 16 the bytes already read are dropped (seems the WantReadError is really |