Skip to content
Snippets Groups Projects
Verified Commit fa687d47 authored by Timm Fitschen's avatar Timm Fitschen
Browse files

DOC: update CHANGELOG

parent eba81658
No related branches found
No related tags found
2 merge requests!96DOC: Added CITATION.cff to the list of files in the release guide where the...,!84fixing server issue #196
Pipeline #35126 failed
Stage: info
Stage: test
Stage: deploy
Hide whitespace changes
Inline Side-by-side
Showing
with 12 additions and 0 deletions
CHANGELOG.md
+ 12
0
View file @ fa687d47
......@@ -32,8 +32,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Fixed ###
* Denying a role permission has no effect
[#196](https://gitlab.com/caosdb/caosdb-server/-/issues/196). See security
notes below.
### Security ###
* Fixed [#196](https://gitlab.com/caosdb/caosdb-server/-/issues/196). This was
an error in the authorization procedure which allowed unprivileged users
execute insert, update or delete transactions on entities. However, the
unprivileged users would also need the correct entity permissions to do that.
Without backup, this means possible data loss. Also there is the possibility
to spam the database by creating unwanted entities.
### Documentation ###
- Nested queries.
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment