path: root/www/geeklog/patches/patch-bb
blob: a89da3009580250f510690abecbe800c66e2da91 (plain)
$NetBSD: patch-bb,v 1.1 2009/09/13 01:15:11 taca Exp $

* Documentation update for Geeklog 1.5.2sr5 which isn't contained in
  geeklog-1.5.2sr4-upgrade.tar.gz.

--- public_html/docs/history.orig	2009-04-18 16:47:32.000000000 +0900
+++ public_html/docs/history
@@ -1,5 +1,16 @@
 Geeklog History/Changes:
 
+Jul 30, 2009 (1.5.2sr5)
+------------
+
+This release addresses the following security issues:
+- Gerendi Sandor Attila reported an XSS in the forms to email a user and to
+  email a story to a friend.
+- The "Mail Story to a Friend" function didn't check story permissions, so that
+  it was possible to email a story even if you didn't have the permissions to
+  view it on the site.
+
+
 Apr 18, 2009 (1.5.2sr4)
 ------------
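Review bot: the added 1.5.2sr5 entry records two security fixes (the XSS in the email forms and the missing story-permission check in "Mail Story to a Friend"), but this patch touches only public_html/docs/history, so nothing here shows where the code fixes themselves come from. Consider extending the header comment to name the patch or distfile that carries them, and confirm that the geeklog-1.5.2sr4-upgrade.tar.gz reference there is the intended tarball for a 1.5.2sr5 entry.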