This release fixes 2 security critical bugs: one when using ACLs and one when not using ACLs at all (so you really want to upgrade in any case). It also fixes some minor bugs.
(can't reach sf.net atm though)
From Changelog :
* reverts done by bots or leechers
There was a bad, old bug that triggered if you did not use ACLs. In that
case, moin used some simple (but wrong and incomplete) function to
determine what a user (or bot) may do or may not do. The function is now
fixed to allow only read and write to anon users, and only delete and
revert to known users additionally - and disallow everything else.
* ACL security fix for PageEditor, thanks to Dr. Pleger for reporting
web-apps or Grant : please bump to 1.2.3
*** Bug 59338 has been marked as a duplicate of this bug. ***
See bug #58381 for moinmoin-1.2.3.ebuild, updated to use webapp.eclass.
Fixed, but w/o the webapp rewrite (see note in 58381).
Reopening for GLSA
We released a GLSA for version 1.2.2. Security please draft or vote no.
1.2.3-r1 is in CVS, rewritten with webapp.eclass. It is ~ on all arches.
And by that I mean ~x86 ~sparc ~amd64 ~ppc, not ALL arches.
Closed with GLSA 200408-25.
And now the bug is also closed:-/