3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-12-22 18:52:41 +01:00

Merge pull request #1521 from slingamn/pointfix

security fix necessitating 2.5.1
This commit is contained in:
Shivaram Lingamneni 2021-02-02 17:09:46 -05:00 committed by GitHub
commit 4860c5cad0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 13 additions and 2 deletions

View File

@ -1,6 +1,17 @@
# Changelog
All notable changes to Oragono will be documented in this file.
## [2.5.1] - 2021-02-02
Oragono 2.5.1 is a bugfix release that fixes a significant security issue. We apologize for the oversight.
This release includes no changes to the config file format or the database.
Many thanks to [@xnaas](https://github.com/xnaas) for reporting the issue.
### Security
* Fix an incorrect permissions check in NickServ (#1520, thanks [@xnaas](https://github.com/xnaas)!)
## [2.5.0] - 2021-01-31
We're pleased to announce Oragono 2.5.0, a new stable release.

View File

@ -1148,7 +1148,7 @@ func nsClientsLogoutHandler(service *ircService, server *Server, client *Client,
// User must have "kill" privileges to logout other user sessions.
if target != client {
oper := client.Oper()
if oper.HasRoleCapab("kill") {
if !oper.HasRoleCapab("kill") {
service.Notice(rb, client.t("Insufficient oper privs"))
return
}

View File

@ -7,7 +7,7 @@ import "fmt"
const (
// SemVer is the semantic version of Oragono.
SemVer = "2.6.0-unreleased"
SemVer = "2.5.1"
)
var (