Bug 355728: [SECURITY] XSS in the "id" parameter of showdependencygraph.cgi when "doall" is set - Patch by Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit a=justdave

author: lpsolit%gmail.com <> 2008-04-04 13:48:10 +0200
committer: lpsolit%gmail.com <> 2008-04-04 13:48:10 +0200
commit: ba64b163e6609094d1d89ddfe3b1c1a740c29259 (patch)
tree: 994915fb54ab065c9cad5aacdd1fc17b3568b098 /docs/en
parent: 856dcd4d732a4f748fdd6765b44ef6c7064743b5 (diff)
download: bugzilla-ba64b163e6609094d1d89ddfe3b1c1a740c29259.tar.gz
bugzilla-ba64b163e6609094d1d89ddfe3b1c1a740c29259.tar.xz
1 files changed, 3 insertions, 4 deletions
diff --git a/docs/en/rel_notes.txt b/docs/en/rel_notes.txt
index f70c508a4..98ddc4da8 100644
--- a/docs/en/rel_notes.txt
+++ b/docs/en/rel_notes.txt
@@ -577,11 +577,10 @@ every login cookie Bugzilla has ever given out.)
 Version 2.22.1
 --------------
 
-The Bugzilla team fixed two Information Leaks and two Cross-Site
+The Bugzilla team fixed two Information Leaks and three Cross-Site
 Scripting vulnerabilities that existed in versions of Bugzilla
-prior to 2.22.1. None of them are considered to be of critical
-severity, but we still strongly recommend that you update any
-2.22 installation to 2.22.1.
+prior to 2.22.1. We strongly recommend that you update any 2.22 
+installation to 2.22.1, to be protected from these vulnerabilities.
 
 In addition, we have made an enhancement to security in this version
 of Bugzilla. In previous versions, it was possible for malicious
author	lpsolit%gmail.com <>	2008-04-04 13:48:10 +0200
committer	lpsolit%gmail.com <>	2008-04-04 13:48:10 +0200
commit	ba64b163e6609094d1d89ddfe3b1c1a740c29259 (patch)
tree	994915fb54ab065c9cad5aacdd1fc17b3568b098 /docs/en
parent	856dcd4d732a4f748fdd6765b44ef6c7064743b5 (diff)
download	bugzilla-ba64b163e6609094d1d89ddfe3b1c1a740c29259.tar.gz bugzilla-ba64b163e6609094d1d89ddfe3b1c1a740c29259.tar.xz