diff options
author | matty%chariot.net.au <> | 2008-04-04 13:47:46 +0200 |
---|---|---|
committer | matty%chariot.net.au <> | 2008-04-04 13:47:46 +0200 |
commit | 70ce5d7ba6deae9abe2ccca0c03abf5f75497090 (patch) | |
tree | 3e4a4b549a6a64c0ab2d1a2b0dc75448ee4744cc | |
parent | 4c187616b2af100dbc933217a76f38caaf983150 (diff) | |
download | bugzilla-70ce5d7ba6deae9abe2ccca0c03abf5f75497090.tar.gz bugzilla-70ce5d7ba6deae9abe2ccca0c03abf5f75497090.tar.xz |
Release notes updates.
-rw-r--r-- | docs/en/rel_notes.txt | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/docs/en/rel_notes.txt b/docs/en/rel_notes.txt index 9d84e6818..366673f97 100644 --- a/docs/en/rel_notes.txt +++ b/docs/en/rel_notes.txt @@ -143,10 +143,6 @@ fix the problem on your installation. *** SECURITY ISSUES RESOLVED *** -- The bug list sort order could take arbitrary SQL. There - are no known exploits for this problem. - (bug 130821) - - The bug reporter could set the priority even when 'letsubmitterchoosepriority' was off. (bug 63018) @@ -401,6 +397,12 @@ fix the problem on your installation. corrupted. (bug 92263) +- The bug list sort order is now stricter about the SQL it will accept, + ensuring you use correct column name syntax. Before this, there were + some syntax checks, so it is not known whether this problem was + exploitable. + (bug 130821) + ******************************************** *** USERS UPGRADING FROM 2.14 OR EARLIER *** ******************************************** |