Linking to older security issue in change log

Mainly for consistency with the newer format
2024-10-02 22:28:37 +02:00 · 2013-08-30 14:39:46 +02:00 · 2013-08-30 14:39:46 +02:00 · 8b5c8eab72
commit 8b5c8eab72
parent 05757efceb
1 changed files with 1 additions and 13 deletions
--- a/docs/en/changelogs/3.0.6.md
+++ b/docs/en/changelogs/3.0.6.md
@ -9,19 +9,7 @@

 ### Security: Require ADMIN for ?flush=1 (SS-2013-001)

-Flushing the various manifests (class, template, config) is performed through a GET
-parameter (`flush=1`). Since this action requires more server resources than normal requests,
-it can facilitate [denial-of-service attacks](https://en.wikipedia.org/wiki/Denial-of-service_attack).
-
-To prevent this, main.php now checks and only allows the flush parameter in the following cases:
-
- * The [environment](/topics/environment-management) is in "dev mode"
- * A user is logged in with ADMIN permissions
- * An error occurs during startup
-
-This applies to both `flush=1` and `flush=all` (technically we only check for the existence of any parameter value)
-but only through web requests made through main.php - CLI requests, or any other request that goes through
-a custom start up script will still process all flush requests as normal.
+See [announcement](http://www.silverstripe.org/ss-2013-001-require-admin-for-flush1/)

 ### Security: Privilege escalation through Group hierarchy setting (SS-2013-003)