From: garvinhicking <garvinhicking>
Date: Sat, 15 Apr 2006 17:50:54 +0000 (+0000)
Subject: document
X-Git-Tag: 1.0~48
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=4eac53e9d42d41a942cacf9ec7e27a0c6b96192b;p=s9y.git

document
---

diff --git a/docs/NEWS b/docs/NEWS
index bd5ea34..58d486c 100644
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -3,6 +3,12 @@
 Version 1.0 ()
 ------------------------------------------------------------------------
 
+   * Saving special crafterd configuration data as Admin superuser 
+     could lead to arbitrary PHP code inclusion from 
+     serendipity_config_local.inc.php. Since admins usually already have
+     superuser rights over their files, this is not considered a
+     "real-life" security issue. (garvinhicking)
+
    * Added Pivot importer (garvinhicking)
 
    * The spamblock plugin now continues to check any comment/trackback