there was a report about a security issue today. We were able to confirm it
and created a patch that will fix this issue. Either apply the following
patch or copy the linked file into the directory which contains the
MoinMoin package. This is mostly the directory lib/site-packages.
The bug causes search results from pages the user can not
read to be displayed. When clicking on the link to the
page, the user is not able to read the full page, though.
For more information see
I hope that there will be a new release today that contains this patch.
@@ -1014,7 +1014,7 @@
if not filter:
# Filter deleted pages or pages the user can't read.
- if not page.exists() and request.user.may.read(name):
+ if not (page.exists() and request.user.may.read(name)):