From 70e5ffe5f887679b10b6c6ac8a14b1f128efbb52 Mon Sep 17 00:00:00 2001 From: Brett Profitt Date: Mon, 14 May 2012 11:59:23 -0700 Subject: Setting the useradd action's access to admin instead of public. --- CHANGES.txt | 1 + 1 file changed, 1 insertion(+) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index a7e14331d..f5cacac29 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -7,6 +7,7 @@ Version 1.8.5 Security Enhancements: * Fixed possible XSS vulnerability if using a crafted URL. + * Fixed exploit to bypass new user validation if using a crafted form. Bugfixes: * Twitter API: New users are forwarded to the correct page after creating -- cgit v1.2.3
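Review bot: the line added to CHANGES.txt under "Security Enhancements" does not name the affected action or say what changed, although the commit subject does (the useradd action's access set to admin instead of public). Consider wording such as "Fixed bypass of new user validation via a crafted form; the useradd action now requires admin access", so that anyone relying on that action being public can tell from the changelog that the access level was tightened. "Fixed exploit" is also imprecise, since what was fixed is the validation bypass rather than an exploit. This view is limited to CHANGES.txt, so the access change itself is not visible here and cannot be checked against the entry.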