* New upstream minor release + Fixed a security issue: It was possible to bypass the "user visibility groups" restrictions if user-matching was turned on in "substring" mode. + Fixed a security issue: config.cgi exposed information to users who weren't logged in, even when "requirelogin" was turned on in Bugzilla. (closes: #331206)