diff docs/CHANGES @ 5913:f2fb4b3ed8e5 1.9.6

update CHANGES
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sat, 29 Dec 2012 19:19:14 +0100
parents ef1bee86328f
children 25900eaeb864
line wrap: on
line diff
--- a/docs/CHANGES	Sat Dec 29 18:19:25 2012 +0100
+++ b/docs/CHANGES	Sat Dec 29 19:19:14 2012 +0100
@@ -26,6 +26,7 @@
 
   Fixes:
   * fix remote code execution vulnerability in twikidraw/anywikidraw action
+  * fix path traversal vulnerability in AttachFile action
   * fix XSS issue, escape page name in rss link
   * escape user- or admin-defined css url
   * make taintfilename more secure