| 1 | # List of security fixes that have been committed to the "master" branch. |
| 2 | # This list is used to programmatically determine if a checkout of plat/al has |
| 3 | # known vulnerabilities (which is useful for automatically disabling an unused |
| 4 | # and unsafe checkout). |
| 5 | # |
| 6 | # In order to guarantee that only patched checkouts do have an updated SECURITY |
| 7 | # file, updates of this file should be done within the same sommit that actually |
| 8 | # fixes the security issue. Since the commit id is not known yet, it can be |
| 9 | # replaced by '00000000', and updated later. |
| 10 | # |
| 11 | # Format: <date> <commit id> <commit description> |
| 12 | # The commit id should refer to the id in the "master" branch, if the initial |
| 13 | # commit in a version branch had another name. |
| 14 | |
| 15 | 2010-04-02 3e2442cd Fix freetext visibility |
| 16 | 2009-10-19 e10bc2ef Prevents auth-groupex from leaking data to third-party attackers. |
| 17 | 2008-12-21 a25cdc91 Fixes a SQL injection in geoloc.inc.php. |