Hi. Better late than never:
> I just wanted to point out a security hole that exists in the registration > module of the AccountManagerPlugin. See ticket #5295 for more information. > I don't know whether you see this as critical as I do, but I just wanted to > point this out. Thanks for the hint. I could not reproduce all of the issues described in that ticket, at least not with Trac 0.11 and the latest version of AccountManagerPlugin. However, I've implemented some additional checks as part of the TracHacksPlugin in r7242 - better be safe than sorry. Bye, Mike [1] http://trac-hacks.org/changeset/7242 _______________________________________________ th-users mailing list [email protected] https://lists.trac-hacks.org/mailman/listinfo/th-users
