diff doc/upgrading.txt @ 5025:cf22972fe080

Preparing 1.5.1 steps 3/16

1. ./run_test.py passed
   [x] windows, 2.7
   [x] linux, 2.7
2. Update version
   CHANGES.txt
   roundup/__init__.py
3. Update documentation
   doc/announcement.txt
   doc/upgrading.txt
author anatoly techtonik <techtonik@gmail.com>
date Mon, 11 Jan 2016 19:04:12 +0300
parents a403c29ffaf9
children 5251e97b1de0
--- a/doc/upgrading.txt	Mon Jan 11 17:43:37 2016 +0300
+++ b/doc/upgrading.txt	Mon Jan 11 19:04:12 2016 +0300
@@ -23,6 +23,9 @@
 Migrating from 1.5.0 to 1.5.1
 =============================
 
+User data visibility
+--------------------
+
 For security reasons you should change the permissions on the user
 class. We previously shipped a configuration that allowed users to see
 too many of other users details, including hashed passwords under
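Review bot: The new "User data visibility" heading at the top of this hunk reads as a neutral topic label, while the paragraph under it is a security action the admin is asked to take (the previously shipped configuration exposed other users' details, including hashed passwords). Consider a title that names the action, for example "Restrict user data visibility", so someone skimming the headings of the 1.5.0 to 1.5.1 section sees that a permissions change is expected. While this paragraph is being given a heading, the context line "too many of other users details" is missing an apostrophe and should read "other users' details".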
@@ -40,6 +43,10 @@
 Note that this removes visibility of user emails, if you want emails to
 be visible you can add 'address' and 'alternate_addresses' to the list
 above.
+
+XSS protection for custom actions
+---------------------------------
+
 If you have defined your own cgi actions in your tracker instance
 (e.g. in a custom ``extensions/spambayes.py`` file) you need to modify
 all cases where client.error_message or client.ok_message are modified
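Review bot: In the paragraph under the new "XSS protection for custom actions" heading, client.error_message and client.ok_message are plain text, while extensions/spambayes.py one line earlier is marked up as an inline literal. Wrap both attribute names in double backticks so they render consistently and stand out as the identifiers to search for in custom actions. The sentence "you need to modify all cases where ... are modified" also uses the same verb for the admin's edit and for what the code does to the attributes; a different verb for the second occurrence would remove the ambiguity.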

Roundup Issue Tracker: http://roundup-tracker.org/