http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14272
--- Comment #2 from Martin Persson <xarra...@gmail.com> --- There is a security issue in this version; the ID supplied from the URL parameter is not checked for expiry. This means people can watch old, expired news by changing the ID. This is known as 'object reference bug'. Whether it is a problem or not is another matter. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/