Mercurial > kallithea
comparison docs/installation_win_old.rst @ 5810:81057be7a5c1 stable
auth: properly invoke PermFunctions (CVE-2016-3114)
This fixes a vulnerability that allowed logged-in users to edit or
delete open pull requests associated with any repository to which
they had read access, plus a related vulnerability allowing logged-in
users to delete any comment from any repository, provided they could
determine the comment ID and had read access to just one repository.
author | Søren Løvborg <sorenl@unity3d.com> |
---|---|
date | Tue, 19 Apr 2016 16:57:38 +0200 |
parents | 8c234ae2c258 |
children | ed2fb6e84a02 b777b096d9a2 |
comparison
equal
deleted
inserted
replaced
5809:93b512845dab | 5810:81057be7a5c1 |
---|