- Submitters have access to the Users object for access sharing.
- This access was partially granted in 3.0-16, but the actual security issue was introduced later when the VL was released to submitters, so they could search and sort the access sharing VL.
- Certain columns were hidden for security reasons by the access sharing page, but manipulating the VL directly allowed any submitter to get a full list of the LOVD users with full columns.
- The columns hidden in the access sharing page are now forced to be hidden in any users VL for submitter level users.
- Additionally, hid the username field, and unhid the ID field.
- Fixed typo in changelog.txt.