diff CHANGES.txt @ 4559:86a270b5b993

- Ignore confirm set() fields by themselves in the absence of non-"confirm" values; otherwise a bare confirm field can be used to change a password. Reported by Cam Blackwood.
author Richard Jones <richard@mechanicalcat.net>
date Mon, 07 Nov 2011 13:59:43 +1100
parents d9d7319afffa
children 56def59a5194
--- a/CHANGES.txt	Mon Oct 31 17:48:11 2011 -0400
+++ b/CHANGES.txt	Mon Nov 07 13:59:43 2011 +1100
@@ -43,6 +43,10 @@
   we now have a regression test. We now take care that bounce-messages
   for incoming encrypted mails or mails where the policy dictates that
   outgoing traffic should be encrypted is actually pgp-encrypted. (Ralf)
+- Ignore confirm set() fields by themselves in the absence of non-"confirm"
+  values; otherwise a bare confirm field can be used to change the a
+  password. Reported by Cam Blackwood.
+
 
 2011-07-15 1.4.19
 
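Review bot: The second added line has a typo, "change the a password", which should read "change a password" (or "the password"). The added entry is also followed by a new blank line directly above the existing blank context line, which leaves two blank lines before the "2011-07-15 1.4.19" heading; dropping the added one keeps the spacing consistent. The phrase "confirm set() fields by themselves" is hard to parse for a security-relevant entry: stating plainly that a confirm field submitted without its matching non-"confirm" value is now ignored would tell tracker administrators what behaviour changed. The preceding entry mentions a regression test; if this fix has one, it is worth saying so here too.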

Roundup Issue Tracker: http://roundup-tracker.org/