Hi I was evaluating bloodhound looking for a way of restricting access
to certain issues and found SensitiveTicketPlugin. I downloaded their
current version(it was labeled sensitiveticketsplugin-13332.zip). Built
an egg and installed it via the UI. This then led to me simply getting
the following from the UI:
```
(The Trac Environment needs to be upgraded. Run "trac-admin
/home/foo/bloodhound/apache-bloodhound-0.5.3/installer/bloodhound/environments/main
upgrade")
```
Running that command then results in:
```
TracError: Database newer than Trac version
```
The console log around this time seems to show nothing interesting:
```
10.10.0.134 - - [09/Jul/2013 21:05:20] "GET /main/admin HTTP/1.1" 200 -
10.10.0.134 - - [09/Jul/2013 21:05:25] "GET /main/admin/ticket/type
HTTP/1.1" 200 -
10.10.0.134 - - [09/Jul/2013 21:05:28] "GET /main/admin/general/plugin
HTTP/1.1" 200 -
10.10.0.134 - - [09/Jul/2013 21:05:30] "POST /main/admin/general/plugin
HTTP/1.1" 500 -
10.10.0.134 - - [09/Jul/2013 21:05:30] "GET
/main/chrome/common/css/code.css HTTP/1.1" 200 -
10.10.0.134 - - [09/Jul/2013 21:05:53] "POST /main/admin/general/plugin
HTTP/1.1" 303 -
10.10.0.134 - - [09/Jul/2013 21:05:53] "GET /main/admin/general/plugin
HTTP/1.1" 500 -
10.10.0.134 - - [09/Jul/2013 21:06:47] "GET /main/admin/general/plugin
HTTP/1.1" 500 -
```
I presume the transition from 200's to 500's is the point at which I
installed the plugin.
This was on version 0.5.3 using sqlite db.
I was asked to also attach the db, I am a bit hesitant since I am not
100% that it does not contain any sensitive data. It was only a testing
instance and has no issues in it yet so it looks clean, my main worry is
over passwords/hashes, which again don't appear to be present, so if
someone wants it I will be willing to share it off list, let me know.
Thank you very much
John Oliver
