Mercurial > p > roundup > code
diff CHANGES.txt @ 7093:f72ce883e677
Mitigation for issue2551246 -u opton to roundup-admin
The -u option ignores the password and doesn't limit access to the
data.
Not a huge issue as currently anybody running it must have read access
to the tracker home and all the credentials. So they can change the
data directly using a db client or read anything they want.
But this wasn't documented. Now it is.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Wed, 30 Nov 2022 02:09:16 -0500 |
| parents | 739b9f017d2c |
| children | 570abc4c6548 |
line wrap: on
line diff
--- a/CHANGES.txt Wed Nov 30 00:01:48 2022 -0500 +++ b/CHANGES.txt Wed Nov 30 02:09:16 2022 -0500 @@ -50,6 +50,8 @@ more than one issue with a matching parent message, fall back to subject matching. See upgrading.txt for details. (John Rouillard) - issue2551195 - port scripts from optparse to argparse (Ralf Schlatterbeck) +- issue2551246 - mitigation, document how -u doesn't work for + roundup-admin. (John Rouillard) Features: @@ -182,6 +184,9 @@ if the user doesn't have edit permissions. (John Rouillard) - issue2551216 - create new mysql databases using COLLATE utf8_general_ci to prevent crashes in test suite. (John Rouillard) +- issue2551146 - fix issues with strings that have multiple %s + substutions that were not labeled making i18n difficult/impossible. + (John Rouillard) Features: