From: matty%chariot.net.au <> Date: Sat, 28 Dec 2002 21:16:05 +0000 (+0000) Subject: Release notes updates. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d93908df18d00a60b88146ec41a84042ea7ab7d3;p=thirdparty%2Fbugzilla.git Release notes updates. --- diff --git a/docs/rel_notes.txt b/docs/rel_notes.txt index 2eb718484e..1ab2f61f02 100644 --- a/docs/rel_notes.txt +++ b/docs/rel_notes.txt @@ -1,9 +1,8 @@ -The 2.14.4 release fixes some major bugs, including security -bugs. Please see the upgrade procedure below for details on how -to upgrade to 2.14.4. +The 2.14.5 release fixes some minor security issues in 2.14.4. Please +see the upgrade procedure below for details on how to upgrade to 2.14.5. -Regarding security issues, please note that the release of 2.16.1 -(simultaneous with 2.14.4) incorporates various rearchitectures +Regarding security issues, please note that the release of 2.16.2 +(simultaneous with 2.14.5) incorporates various rearchitectures that make failure-to-validate and failure-to-filter errors harder to insert and easier to spot. In particular this means there may be holes in the 2.14 line that have not been @@ -23,7 +22,7 @@ bugzilla.mozilla.org unless otherwise specified. *** Recommended Practice For The Upgrade *** -As always, please ensure you have ran checksetup.pl after +As always, please ensure you have run checksetup.pl after replacing the files in your installation. It is recommended that you view the sanity check page 
@@ -124,6 +123,23 @@ fix the problem on your installation. option "The bug is resolved or verified" to achieve part of this. (bug 130821) +*********************************************** +*** USERS UPGRADING FROM 2.14.4 OR EARLIER *** +*********************************************** + +*** SECURITY ISSUES RESOLVED *** + +- Fixed a cross site scriptability issue in quips. This is only a problem + if quips with HTML could have been inserted into your quips files. Bugzilla + has not allowed this since 2.12. + (bug 179329) +- checksetup.pl will now attempt to prevent access to "editor backups" of + localconfig. + (bug 186383) +- collectstats.pl no longer makes data/mining (which contains graphing + information) world writeable. + (bug 183188) + *********************************************** *** USERS UPGRADING FROM 2.14.3 OR EARLIER *** ***********************************************
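Review bot: In the first hunk of docs/rel_notes.txt, the new opening sentence calls the 2.14.5 fixes "minor security issues", but the section added later in this patch lists a cross site scripting issue in quips, access to editor backups of localconfig, and a world writeable data/mining directory. Consider dropping "minor" and letting the per-bug entries carry the conditions (the quips entry already says when it applies), so that administrators do not put off the upgrade on the strength of the summary line alone.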
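Review bot: In the new "USERS UPGRADING FROM 2.14.4 OR EARLIER" section, the collectstats.pl entry (bug 183188) says the script no longer makes data/mining world writeable but does not say whether a directory created by an earlier run keeps its old permissions. Add a line telling administrators whether they need to check and tighten the existing directory themselves. The localconfig entry (bug 186383) has a similar gap: "will now attempt to prevent access" does not say what checksetup.pl does or when the attempt can fail, so state that and what to verify after running it. As a style point, "cross site scriptability issue" would read more clearly as "cross-site scripting issue".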