Plug a number of security holes: - EditCSV and ExportCSV altered to include permission checks - HTTP POST required on actions which alter data - HTML file uploads served as application/octet-stream - New item action reject creation of new users - Item retirement was not being controlled Additionally include documentation of the changes and modify affected tests.

; This is a sample configuration file for roundup-server. See the
; admin_guide for information about its contents.
[main]
port = 8080
;hostname = 
;user = 
;group = 
;log_ip = yes
;pidfile = 
;logfile = 
;template =
;ssl = no
;pem =


; Add one of these per tracker being served
[trackers]
home = /path/to/tracker