dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
SECURITY: Do not allow users to undelete a page they can't edit or create
[lhc/web/wiklou.git] / RELEASE-NOTES-1.29
diff --git a/RELEASE-NOTES-1.29 b/RELEASE-NOTES-1.29
index b835eb5..4b7de88 100644 (file)
--- a/RELEASE-NOTES-1.29
+++ b/RELEASE-NOTES-1.29
@@ -103,6 +103,8 @@ production.
   in it's fallback chain when trying to work out where to write the cache.
 * (T48143) SECURITY: Spam blacklist ineffective on encoded URLs inside file inclusion
   syntax's link parameter.
+* (T108138) SECURITY: Sysops can undelete pages, although the page is protected against
+  it.
 
 === Action API changes in 1.29 ===
 * Submitting sensitive authentication request parameters to action=login,
Wiklou, le Wiki du Wiklou