MantisBT: master-1.2.x f39cf525

Diff Back to Repository
Author Committer Branch Timestamp Parent
dregad dregad master-1.2.x 2015-06-24 04:52 master-1.2.x 2a042504
Affected Issues  0019873: CVE-2015-5059: documentation in private projects can be seen by every user
Changeset

Change default threshold to view project doc to VIEWER

Previously it was ANYBODY, which would let any user download files from
any project including private ones, even when they are not part of the
team.

Backport from a4be76d6e5c4939545d84712c79d3f8f4a108c4f

Fixes 0019873
mod - config_defaults_inc.php Diff File