Check query strings of query-style lookups for quoting. Bug 2850

author: Jeremy Harris <jgh146exb@wizmail.org> 2022-03-03 22:23:42 +0000
committer: Jeremy Harris <jgh146exb@wizmail.org> 2022-03-03 22:23:42 +0000
commit: 4191cb150300d310ab5fa22ce2cfb02b6f6051b0 (patch)
tree: 501724c674333b636ce1a5a73f84dec708d35bcd /doc/doc-txt
parent: 376d3790ba2756278e28d0ecaa1ed7c9b1a0ab00 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index 394eb144d..730508adc 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -19,6 +19,9 @@ Version 4.96
 
  5. The ACL "debug" control gains options "stop", "pretrigger" and "trigger".
 
+ 6. Query-style lookups are now checked for quoting, if the query string is
+    built using untrusted data ("tainted").  For now lack of quoting is merely
+    logged; a future release will upgrade this to an error.
 
 Version 4.95
 ------------
author	Jeremy Harris <jgh146exb@wizmail.org>	2022-03-03 22:23:42 +0000
committer	Jeremy Harris <jgh146exb@wizmail.org>	2022-03-03 22:23:42 +0000
commit	4191cb150300d310ab5fa22ce2cfb02b6f6051b0 (patch)
tree	501724c674333b636ce1a5a73f84dec708d35bcd /doc/doc-txt
parent	376d3790ba2756278e28d0ecaa1ed7c9b1a0ab00 (diff)