-
Alex Vandiver authored
When a group becomes disabled in RT, we mark all CGM rows that existed because of that group as 'Disabled'. Unfortunately, many joins through CGM neglected to take the Disabled column into account, leading to users possibly having rights that they should not, due to having them by way of a disabled group. This addresses CVE-2011-4459.
fbef48d9