mirror of
https://github.com/ergochat/ergo.git
synced 2024-12-22 18:52:41 +01:00
Merge pull request #1521 from slingamn/pointfix
security fix necessitating 2.5.1
This commit is contained in:
commit
4860c5cad0
11
CHANGELOG.md
11
CHANGELOG.md
@ -1,6 +1,17 @@
|
||||
# Changelog
|
||||
All notable changes to Oragono will be documented in this file.
|
||||
|
||||
## [2.5.1] - 2021-02-02
|
||||
|
||||
Oragono 2.5.1 is a bugfix release that fixes a significant security issue. We apologize for the oversight.
|
||||
|
||||
This release includes no changes to the config file format or the database.
|
||||
|
||||
Many thanks to [@xnaas](https://github.com/xnaas) for reporting the issue.
|
||||
|
||||
### Security
|
||||
* Fix an incorrect permissions check in NickServ (#1520, thanks [@xnaas](https://github.com/xnaas)!)
|
||||
|
||||
## [2.5.0] - 2021-01-31
|
||||
|
||||
We're pleased to announce Oragono 2.5.0, a new stable release.
|
||||
|
@ -1148,7 +1148,7 @@ func nsClientsLogoutHandler(service *ircService, server *Server, client *Client,
|
||||
// User must have "kill" privileges to logout other user sessions.
|
||||
if target != client {
|
||||
oper := client.Oper()
|
||||
if oper.HasRoleCapab("kill") {
|
||||
if !oper.HasRoleCapab("kill") {
|
||||
service.Notice(rb, client.t("Insufficient oper privs"))
|
||||
return
|
||||
}
|
||||
|
@ -7,7 +7,7 @@ import "fmt"
|
||||
|
||||
const (
|
||||
// SemVer is the semantic version of Oragono.
|
||||
SemVer = "2.6.0-unreleased"
|
||||
SemVer = "2.5.1"
|
||||
)
|
||||
|
||||
var (
|
||||
|
Loading…
Reference in New Issue
Block a user