diff options
author | Brett Profitt <brett.profitt@gmail.com> | 2012-05-14 11:59:23 -0700 |
---|---|---|
committer | Brett Profitt <brett.profitt@gmail.com> | 2012-05-14 11:59:23 -0700 |
commit | 70e5ffe5f887679b10b6c6ac8a14b1f128efbb52 (patch) | |
tree | d870b5f0d7eab36b0d8ce4ed0441a3b6b1002aa4 /CHANGES.txt | |
parent | f8d77796af608dd8b4eff0a19129edf544f73396 (diff) | |
download | elgg-70e5ffe5f887679b10b6c6ac8a14b1f128efbb52.tar.gz elgg-70e5ffe5f887679b10b6c6ac8a14b1f128efbb52.tar.bz2 |
Setting the useradd action's access to admin instead of public.
Diffstat (limited to 'CHANGES.txt')
-rw-r--r-- | CHANGES.txt | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index a7e14331d..f5cacac29 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -7,6 +7,7 @@ Version 1.8.5 Security Enhancements: * Fixed possible XSS vulnerability if using a crafted URL. + * Fixed exploit to bypass new user validation if using a crafted form. Bugfixes: * Twitter API: New users are forwarded to the correct page after creating |