tidy: Changelog

2018-11-27 10:44:18 +00:00 · 2018-11-27 10:44:18 +00:00 · d910fbdb63
commit d910fbdb63
parent b77c1c3557
1 changed files with 8 additions and 4 deletions
--- a/12
+++ b/12
@ -1,8 +1,10 @@
-27/09/2018 Oleg Moskalenko <mom040267@gmail.com> Mihály Mészáros <misi@majd.eu>
+24/11/2018 Oleg Moskalenko <mom040267@gmail.com> Mihály Mészáros <misi@majd.eu>
 Version 4.5.1.0 'dan Eider':
-	Consider to change config file after upgrade, because it contains not backward compatible breaking changes!
+	Consider to change config file after upgrade, because it contains some 
+	not backward compatible breaking changes !!
 	- Security fixes 
-	  Many thanks to Nicolas Edet (Cisco) who reported all of the following issues!!
+	  Many thanks to Nicolas Edet (Cisco) !!
+	  who reported all of the following issues:
 		* DB/SQL injection in stun realm. Fix: add extra string validation.
 		* DB/SQL injection in web-admin interface lack of admin user validation. 
 		  Fix: add extra string validation.
@ -19,10 +21,12 @@ Version 4.5.1.0 'dan Eider':
 			o Unauthenticated telnet admin interface runs on the 
 			  loopback interface, which can be accessed by exploiting the
 			  loopback relay that was enabled by default.
+		*  Add username string sanity check on web admin interface to
+		   avoid any sql-injection attacks.
 	- Admin portal does not list TCP session ( reported and fixed by Nicolas Edet )
 	- Fix memory leak in read_config_file (by Thibaut Ackermann)
 	- Add a release helper script.
-	- Web Admin interface use own listener (it is disableb by default)
+	- Web Admin interface use own listener (it is disableb by default) (by Thibaut ACKERMANN)

 	  !!BREAKING change!! Don't forget to change/review config!!