Mercurial > kallithea
diff README.rst @ 5810:81057be7a5c1 stable
auth: properly invoke PermFunctions (CVE-2016-3114)
This fixes a vulnerability that allowed logged-in users to edit or
delete open pull requests associated with any repository to which
they had read access, plus a related vulnerability allowing logged-in
users to delete any comment from any repository, provided they could
determine the comment ID and had read access to just one repository.
author | Søren Løvborg <sorenl@unity3d.com> |
---|---|
date | Tue, 19 Apr 2016 16:57:38 +0200 |
parents | ae9ab4c92d46 |
children | ed2fb6e84a02 99cd328da2a1 |