Setting the useradd action's access to admin instead of public.

author: Brett Profitt <brett.profitt@gmail.com> 2012-05-14 11:59:23 -0700
committer: Brett Profitt <brett.profitt@gmail.com> 2012-05-14 11:59:23 -0700
commit: 70e5ffe5f887679b10b6c6ac8a14b1f128efbb52 (patch)
tree: d870b5f0d7eab36b0d8ce4ed0441a3b6b1002aa4 /CHANGES.txt
parent: f8d77796af608dd8b4eff0a19129edf544f73396 (diff)
download: elgg-70e5ffe5f887679b10b6c6ac8a14b1f128efbb52.tar.gz
elgg-70e5ffe5f887679b10b6c6ac8a14b1f128efbb52.tar.bz2
1 files changed, 1 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index a7e14331d..f5cacac29 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -7,6 +7,7 @@ Version 1.8.5
 
  Security Enhancements:
   * Fixed possible XSS vulnerability if using a crafted URL.
+  * Fixed exploit to bypass new user validation if using a crafted form.
 
  Bugfixes:
    * Twitter API: New users are forwarded to the correct page after creating
author	Brett Profitt <brett.profitt@gmail.com>	2012-05-14 11:59:23 -0700
committer	Brett Profitt <brett.profitt@gmail.com>	2012-05-14 11:59:23 -0700
commit	70e5ffe5f887679b10b6c6ac8a14b1f128efbb52 (patch)
tree	d870b5f0d7eab36b0d8ce4ed0441a3b6b1002aa4 /CHANGES.txt
parent	f8d77796af608dd8b4eff0a19129edf544f73396 (diff)
download	elgg-70e5ffe5f887679b10b6c6ac8a14b1f128efbb52.tar.gz elgg-70e5ffe5f887679b10b6c6ac8a14b1f128efbb52.tar.bz2