Mercurial > p > roundup > code

view doc/index.txt @ 5257:928512faf565

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
- issue2550864: Potential information leakage via journal/history Original code didn't fully implement the security checks. Users with only Edit access on a property were not able to view the journal entry for the property. This patch fixes that. Also had additional info leakage: the target object of a link or multilink must be viewable or editable in order for the journal entry to be shown. Otherwise the existance of the target is exposed via the journal while it is blocked from searches, direct access etc.
author John Rouillard <rouilj@ieee.org>
date Sun, 27 Aug 2017 00:19:48 -0400
parents 487dc55e3c5e
children 3e1b66c4e1e2
line wrap: on
line source

=======================================================
Roundup: an Issue-Tracking System for Knowledge Workers
=======================================================

For how to contact the community see http://www.roundup-tracker.org .

Contents
========

.. toctree::
   :maxdepth: 2

   features
   installation
   upgrading
   FAQ
   user_guide
   customizing
   admin_guide
   debugging
   xmlrpc
   overview
   Design (original) <design>
   developers
   tracker_templates
   Notes about the MySQL Database backend <mysql>
   Notes about the PostgreSQL Database backend <postgresql>
   glossary
   acknowledgements
   Richard Jones implementation notes <implementation>
   license
Roundup Issue Tracker: http://roundup-tracker.org/