Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update git submodules

Browse source 
* Update extensions/Thanks from branch 'REL1_43'
  to 7b1006569a9b8b228fbf4306162dd731f30b8209
  - SECURITY: Exclude deleted entries when counting thanks
    
    CVE-2025-61654
    
    Why:
    - `ThanksQueryHelper` counts all thanks, even those that user is not
      authorized to see.
    
    What:
    - Count only those thanks, which are visible to everybody
      (`log_deleted` = 0).
      - May be later extended to take into account the permissions of the
        current user.
    
    Bug: T397497
    Change-Id: Idbc1b5a288ffaa7074eedcbac066358a8ec649dc
    (cherry picked from commit ceea84f682ac52fe521b02733fb718add296efde)
This commit is contained in:
mszwarc 2025-10-03 17:45:41 +02:00 committed by Gerrit Code Review
parent 54c85c7713
commit 86f09be37a
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
extensions/Thanks

@ -1 +1 @@
Subproject commit 8e23f487b4db9f45e53861ce6bdd9f3a7aa4a344
Subproject commit 7b1006569a9b8b228fbf4306162dd731f30b8209