Mercurial > p > roundup > code

diff CHANGES.txt @ 4289:7275e3dec0e0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix security-problem: If user hasn't permission on a message... ...(notably files and content properties) and is on the nosy list, the content was sent via email. We now check that user has permission on the message content and files properties. Also add a regression test for this.
author Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
date Mon, 30 Nov 2009 14:45:44 +0000
parents ce684080e968
children b1772fdb09d0
line wrap: on
line diff
--- a/CHANGES.txt	Sat Nov 28 22:44:02 2009 +0000
+++ b/CHANGES.txt	Mon Nov 30 14:45:44 2009 +0000
@@ -16,6 +16,11 @@
   for reporting.
 - Fix some format errors in italian translation file
 - Some bugs issue classifiers were causing database lookup errors
+- Fix security-problem: If user hasn't permission on a message (notably
+  files and content properties) and is on the nosy list, the content was
+  sent via email. We now check that user has permission on the message
+  content and files properties. Thanks to Intevation for funding this
+  fix.
 
 
 2009-10-09 1.4.10 (r4374)
Roundup Issue Tracker: http://roundup-tracker.org/