diff options
| author | matty%chariot.net.au <> | 2002-06-08 08:39:35 +0200 |
|---|---|---|
| committer | matty%chariot.net.au <> | 2002-06-08 08:39:35 +0200 |
| commit | 58a015c7371684ee84483c4e3da5e597f6c86e75 (patch) | |
| tree | a0b3fbeeab80dc1813737dcbcea23f38fc0aca89 | |
| parent | acd62bd9d18593c3953eb1633877bedc3741f8ce (diff) | |
| download | bugzilla-58a015c7371684ee84483c4e3da5e597f6c86e75.tar.gz bugzilla-58a015c7371684ee84483c4e3da5e597f6c86e75.tar.xz | |
Release notes updates.
| -rw-r--r-- | docs/rel_notes.txt | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/docs/rel_notes.txt b/docs/rel_notes.txt index 9d84e6818..366673f97 100644 --- a/docs/rel_notes.txt +++ b/docs/rel_notes.txt @@ -143,10 +143,6 @@ fix the problem on your installation. *** SECURITY ISSUES RESOLVED *** -- The bug list sort order could take arbitrary SQL. There - are no known exploits for this problem. - (bug 130821) - - The bug reporter could set the priority even when 'letsubmitterchoosepriority' was off. (bug 63018) @@ -401,6 +397,12 @@ fix the problem on your installation. corrupted. (bug 92263) +- The bug list sort order is now stricter about the SQL it will accept, + ensuring you use correct column name syntax. Before this, there were + some syntax checks, so it is not known whether this problem was + exploitable. + (bug 130821) + ******************************************** *** USERS UPGRADING FROM 2.14 OR EARLIER *** ******************************************** |