diff CHANGES.txt @ 4088:34434785f308

Plug a number of security holes:

- EditCSV and ExportCSV altered to include permission checks
- HTTP POST required on actions which alter data
- HTML file uploads served as application/octet-stream
- New item action reject creation of new users
- Item retirement was not being controlled

Additionally include documentation of the changes and modify affected tests.
author Richard Jones <richard@users.sourceforge.net>
date Thu, 12 Mar 2009 02:25:03 +0000
parents a5b68d46bce8
children eddb82d0964c
--- a/CHANGES.txt	Tue Mar 10 21:01:20 2009 +0000
+++ b/CHANGES.txt	Thu Mar 12 02:25:03 2009 +0000
@@ -1,6 +1,18 @@
 This file contains the changes to the Roundup system over time. The entries
 are given with the most recent entry first.
 
+2009-03-?? 1.4.7
+
+Fixes:
+- a number of security issues were discovered by Daniel Diniz
+- EditCSV and ExportCSV altered to include permission checks
+- HTTP POST required on actions which alter data
+- HTML file uploads served as application/octet-stream
+- New item action reject creation of new users
+- Item retirement was not being controlled
+- XXX need to include Stefan's changes in here too
+
+
 2008-09-01 1.4.6
 Fixed:
 - Fix bug introduced in 1.4.5 in RDBMS full-text indexing
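Review bot: the new 1.4.7 entry still contains working notes that should not ship in a release changelog: the placeholder date "2009-03-??" and the line "- XXX need to include Stefan's changes in here too". Fill in the release date and either list those changes or drop the XXX line before tagging. The section heading is "Fixes:" while the 1.4.6 entry directly below uses "Fixed:", so pick one form, and "New item action reject creation of new users" should read "rejects". Since "HTTP POST required on actions which alter data" and "HTML file uploads served as application/octet-stream" change behaviour that existing trackers may rely on, a pointer from these bullets to the upgrade documentation would help admins reading only this file.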

Roundup Issue Tracker: http://roundup-tracker.org/