From: matty%chariot.net.au <> Date: Sat, 8 Jun 2002 06:38:26 +0000 (+0000) Subject: Release notes updates. X-Git-Tag: bugzilla-2.16rc2~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d01062b8a101c84a7bc7c63a66c064df6224af3d;p=thirdparty%2Fbugzilla.git Release notes updates. --- diff --git a/docs/rel_notes.txt b/docs/rel_notes.txt index 5501eba8a5..808b4a8ff2 100644 --- a/docs/rel_notes.txt +++ b/docs/rel_notes.txt @@ -131,10 +131,6 @@ fix the problem on your installation. *** SECURITY ISSUES RESOLVED *** -- The bug list sort order could take arbitrary SQL. There - are no known exploits for this problem. - (bug 130821) - - The bug reporter could set the priority even when 'letsubmitterchoosepriority' was off. (bug 63018) @@ -389,6 +385,12 @@ fix the problem on your installation. corrupted. (bug 92263) +- The bug list sort order is now stricter about the SQL it will accept, + ensuring you use correct column name syntax. Before this, there were + some syntax checks, so it is not known whether this problem was + exploitable. + (bug 130821) + ******************************************** *** USERS UPGRADING FROM 2.14 OR EARLIER *** ********************************************