summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjustdave%syndicomm.com <>2008-04-04 13:47:32 +0200
committerjustdave%syndicomm.com <>2008-04-04 13:47:32 +0200
commitd2dfb167dd3aff403350f35b27fbe62b07049ca6 (patch)
tree2652c2fa67d3f8e1f42e5645bc0127471061ce9c
parentf8ae6c3c40afb3d1ee44e36a8a8a6e6784a70105 (diff)
downloadbugzilla-d2dfb167dd3aff403350f35b27fbe62b07049ca6.tar.gz
bugzilla-d2dfb167dd3aff403350f35b27fbe62b07049ca6.tar.xz
addition to 2.12 release notes
-rw-r--r--docs/en/rel_notes.txt4
1 files changed, 4 insertions, 0 deletions
diff --git a/docs/en/rel_notes.txt b/docs/en/rel_notes.txt
index 4def4caf3..81807ef4f 100644
--- a/docs/en/rel_notes.txt
+++ b/docs/en/rel_notes.txt
@@ -60,6 +60,10 @@ bugzilla.mozilla.org.
middle.
(bug 29820)
+- Some security holes have been fixed where shell escape characters
+ could be passed to Bugzilla, allowing remote users to execute
+ system commands on the web server.
+
*** Other changes of note ***
- Bug titles now appear in the page title, and will hence