Modules: Security bug announced, xhelp 0.71 released
Posted by: ackbarrOn 2005/3/30 18:30:28 5872 readsIn response to a security bug discovered by Brian Erdelyi @ SecurityHive.com that allowed users to view other users tickets, we have released xhelp 0.71 to address this issue. In addition we included a couple bug fixes for xhelp 0.7. All users are recommended to upgrade to the latest package.
Changes in 0.71:
1. Fixed email activation link not being sent to new users (eric_juden)
2. Fixed uploading files with undefined mimetypes bug (eric_juden)
3. Fixed bug for ticket subject length being too short in edit ticket (eric_juden)
4. Fixed bug for fatal error while in staff profiles (eric_juden)
5. Security!!! Fixed bug for users being allowed to look at other user's tickets (eric_juden)