Plug a number of security holes: - EditCSV and ExportCSV altered to include permission checks - HTTP POST required on actions which alter data - HTML file uploads served as application/octet-stream - New item action reject creation of new users - Item retirement was not being controlled Additionally include documentation of the changes and modify affected tests.

announcement.html
customizing.html
developers.html
implementation.html
index.html
installation.html
user_guide.html
FAQ.html
security.html
features.html
upgrading.html
glossary.html
design.html
admin_guide.html
overview.html
mysql.html
postgresql.html
tracker_templates.html
whatsnew-0.7.html
whatsnew-0.8.html
*.ht