|
|
@@ -27,6 +27,8 @@ NEW: A lot of addition of hooks.
|
|
|
|
|
|
|
|
|
Following changes may create regressions for some external modules, but were necessary to make Dolibarr better:
|
|
|
+* There is a new specific permission to be allowed to enter timesheets. If you use timesheet, don't forget to give the new permission (disable and
|
|
|
+ enable the module project if it is not visible).
|
|
|
* The default value for MAIN_SECURITY_CSRF_WITH_TOKEN has been set to 2. It means any POST and any GET request that contains the "action" or "massaction"
|
|
|
with a value of a sensitive action must also a valid token parameter (With previous value 1, only POST was concerned). Note: With value 3, any URL
|
|
|
with parameter "action" or "massaction" need the token, whatever is the value of the action.
|
Laurent Destailleur