comparison doc/upgrading.txt @ 5025:cf22972fe080
Preparing 1.5.1 steps 3/16
1. ./run_test.py passed
[x] windows, 2.7
[x] linux, 2.7
2. Update version
CHANGES.txt
roundup/__init__.py
3. Update documentation
doc/announcement.txt
doc/upgrading.txt
| author | anatoly techtonik <techtonik@gmail.com> |
|---|---|
| date | Mon, 11 Jan 2016 19:04:12 +0300 |
| parents | a403c29ffaf9 |
| children | 5251e97b1de0 |
| 5024:edf62f78605f | 5025:cf22972fe080 |
|---|---|
| 21 :local: | 21 :local: |
| 22 | 22 |
| 23 Migrating from 1.5.0 to 1.5.1 | 23 Migrating from 1.5.0 to 1.5.1 |
| 24 ============================= | 24 ============================= |
| 25 | 25 |
| 26 User data visibility | |
| 27 -------------------- | |
| 28 | |
| 26 For security reasons you should change the permissions on the user | 29 For security reasons you should change the permissions on the user |
| 27 class. We previously shipped a configuration that allowed users to see | 30 class. We previously shipped a configuration that allowed users to see |
| 28 too many of other users details, including hashed passwords under | 31 too many of other users details, including hashed passwords under |
| 29 certain circumstances. In schema.py in your tracker, replace the line:: | 32 certain circumstances. In schema.py in your tracker, replace the line:: |
| 30 | 33 |
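
Review bot: The inserted heading "User data visibility" (new lines 26-28) is neutral, while the paragraph under it opens with "For security reasons" and says other users could see hashed passwords. The `:local:` line at the top of this hunk suggests a contents list is built from these headings, so consider wording that marks the step as a security fix, for example "Restrict visibility of user data", so an admin skimming the list does not skip it. Since the paragraph now sits under its own heading, "other users details" should also be corrected to "other users' details".
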
| 38 db.security.addPermissionToRole('User', p) | 41 db.security.addPermissionToRole('User', p) |
| 39 | 42 |
| 40 Note that this removes visibility of user emails, if you want emails to | 43 Note that this removes visibility of user emails, if you want emails to |
| 41 be visible you can add 'address' and 'alternate_addresses' to the list | 44 be visible you can add 'address' and 'alternate_addresses' to the list |
| 42 above. | 45 above. |
| 46 | |
| 47 XSS protection for custom actions | |
| 48 --------------------------------- | |
| 49 | |
| 43 If you have defined your own cgi actions in your tracker instance | 50 If you have defined your own cgi actions in your tracker instance |
| 44 (e.g. in a custom ``extensions/spambayes.py`` file) you need to modify | 51 (e.g. in a custom ``extensions/spambayes.py`` file) you need to modify |
| 45 all cases where client.error_message or client.ok_message are modified | 52 all cases where client.error_message or client.ok_message are modified |
| 46 directly. Instead of:: | 53 directly. Instead of:: |
| 47 | 54 |
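
Review bot: Under the inserted heading "XSS protection for custom actions" (new lines 47-49), the paragraph shown here tells readers to change every place where client.error_message or client.ok_message is modified directly, but in these lines it does not say how direct modification relates to XSS. Add one sentence stating the risk so the heading and the body agree. Style point: ``extensions/spambayes.py`` is marked as an inline literal while client.error_message and client.ok_message are not; mark them the same way.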
