Translations:2021-12 security release/FAQ/3/en


 * CVE-2021-44858: The "undo" feature allowed an attacker to view the contents of arbitrary revisions, regardless of whether they had permissions to do so. This was also found in the "mcrundo" and "mcrrestore" actions (  and  ).