Because of an incorrectly written database query, users saw add\remove from queue links to incorrect subqueues. This wasn't a security issue because they were denied access upon clicking the links (and this module was just released and therefore has a small userbase).

Comments

ezra-g’s picture

ezra-g commented

The fix for this has been committed and will be available in the next release. Also, I hope my comment above didn't suggest that a small user base doesn't matter ;).

ezra-g’s picture

ezra-g commented
Status: Reviewed & tested by the community » Fixed

New release will be available shortly.

ezra-g’s picture

ezra-g commented
Status: Fixed » Patch (to be ported)
ezra-g’s picture

ezra-g commented
Version: 5.x-0.3 » 6.x-1.x-dev
ezra-g’s picture

ezra-g commented
Status: Patch (to be ported) » Fixed
Anonymous’s picture

Anonymous (not verified) commented
Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.