Release notes updates.

author: matty%chariot.net.au <> 2008-04-04 13:47:46 +0200
committer: matty%chariot.net.au <> 2008-04-04 13:47:46 +0200
commit: 70ce5d7ba6deae9abe2ccca0c03abf5f75497090 (patch)
tree: 3e4a4b549a6a64c0ab2d1a2b0dc75448ee4744cc /docs/en/rel_notes.txt
parent: 4c187616b2af100dbc933217a76f38caaf983150 (diff)
download: bugzilla-70ce5d7ba6deae9abe2ccca0c03abf5f75497090.tar.gz
bugzilla-70ce5d7ba6deae9abe2ccca0c03abf5f75497090.tar.xz
1 files changed, 6 insertions, 4 deletions
diff --git a/docs/en/rel_notes.txt b/docs/en/rel_notes.txt
index 9d84e6818..366673f97 100644
--- a/docs/en/rel_notes.txt
+++ b/docs/en/rel_notes.txt
@@ -143,10 +143,6 @@ fix the problem on your installation.
 
 *** SECURITY ISSUES RESOLVED ***
 
-- The bug list sort order could take arbitrary SQL.  There
-  are no known exploits for this problem.
-  (bug 130821)
-
 - The bug reporter could set the priority even when
   'letsubmitterchoosepriority' was off.
   (bug 63018)
@@ -401,6 +397,12 @@ fix the problem on your installation.
   corrupted.
   (bug 92263)
 
+- The bug list sort order is now stricter about the SQL it will accept,
+  ensuring you use correct column name syntax.  Before this, there were
+  some syntax checks, so it is not known whether this problem was
+  exploitable.
+  (bug 130821)
+
 ********************************************
 *** USERS UPGRADING FROM 2.14 OR EARLIER ***
 ********************************************
author	matty%chariot.net.au <>	2008-04-04 13:47:46 +0200
committer	matty%chariot.net.au <>	2008-04-04 13:47:46 +0200
commit	70ce5d7ba6deae9abe2ccca0c03abf5f75497090 (patch)
tree	3e4a4b549a6a64c0ab2d1a2b0dc75448ee4744cc /docs/en/rel_notes.txt
parent	4c187616b2af100dbc933217a76f38caaf983150 (diff)
download	bugzilla-70ce5d7ba6deae9abe2ccca0c03abf5f75497090.tar.gz bugzilla-70ce5d7ba6deae9abe2ccca0c03abf5f75497090.tar.xz