diff --git a/mothership/src/org/labkey/mothership/MothershipController.java b/mothership/src/org/labkey/mothership/MothershipController.java index 3d4e59cbc23..8b24d7a1c22 100644 --- a/mothership/src/org/labkey/mothership/MothershipController.java +++ b/mothership/src/org/labkey/mothership/MothershipController.java @@ -1599,8 +1599,8 @@ else if (!form.isIgnore()) { exceptionStackTrace.setBugNumber(-1); } + MothershipManager.get().updateExceptionStackTrace(exceptionStackTrace, getUser()); } - MothershipManager.get().updateExceptionStackTrace(exceptionStackTrace, getUser()); } catch (NumberFormatException e) { diff --git a/mothership/src/org/labkey/mothership/MothershipManager.java b/mothership/src/org/labkey/mothership/MothershipManager.java index 26eede9da92..1584030d4e2 100644 --- a/mothership/src/org/labkey/mothership/MothershipManager.java +++ b/mothership/src/org/labkey/mothership/MothershipManager.java @@ -42,6 +42,7 @@ import org.labkey.api.util.MothershipReport; import org.labkey.api.util.ReentrantLockWithName; import org.labkey.api.util.logging.LogHelper; +import org.labkey.api.view.NotFoundException; import java.io.IOException; import java.util.ArrayList; @@ -211,6 +212,13 @@ public SoftwareRelease ensureSoftwareRelease(Container container, String revisio } } + public SoftwareRelease getSoftwareRelease(int softwareReleaseId, Container container) + { + SimpleFilter filter = SimpleFilter.createContainerFilter(container); + filter.addCondition(FieldKey.fromString("SoftwareReleaseId"), softwareReleaseId); + return new TableSelector(getTableInfoSoftwareRelease(), filter, null).getObject(SoftwareRelease.class); + } + public ServerInstallation getServerInstallation(@NotNull String serverGUID, @NotNull String serverHostName, @NotNull Container c) { SimpleFilter filter = SimpleFilter.createContainerFilter(c); 
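Review bot: `updateExceptionStackTrace` is guarded only at this call site in the controller action, whereas the same commit puts the SoftwareRelease check inside `MothershipManager`. The call `MothershipManager.get().updateExceptionStackTrace(exceptionStackTrace, getUser());` now sits inside the enclosing block, whose condition is outside the hunk. If the manager method is keyed only on the primary key, as the commit's comment says `updateSoftwareRelease` was, any other caller can still write to a row owned by a different folder; its body is not visible here, so this needs confirming. Consider passing the container into `updateExceptionStackTrace` and doing the lookup-before-update there. Also confirm that the path where the block is skipped reports an error rather than returning as if the update had succeeded.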
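Review bot: The new public `getSoftwareRelease(int softwareReleaseId, Container container)` in MothershipManager.java has no Javadoc, yet the guard added to `updateSoftwareRelease` in this commit depends on its contract. That guard treats a `null` result as "no such row in this folder". I would add a short Javadoc stating that the lookup is filtered by `container` and returns `null` when no row with that id exists there, so a later refactor does not swap in an unscoped lookup. Declaring the parameter as `@NotNull Container container`, as the neighbouring `getServerInstallation` does, would make the precondition explicit.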
@@ -604,6 +612,12 @@ public void setStatusCakeApiKey(String statusCakeApiKey) public void updateSoftwareRelease(Container container, User user, SoftwareRelease bean) { + // Verify the target row actually belongs to this container before updating. The raw Table.update below is + // keyed only on the primary key, so without this check a user with UpdatePermission in one folder could edit + // (and, via setContainer, re-home) a SoftwareRelease owned by another folder. + if (getSoftwareRelease(bean.getSoftwareReleaseId(), container) == null) + throw new NotFoundException("SoftwareRelease not found in this folder: " + bean.getSoftwareReleaseId()); + bean.setContainer(container.getId()); Table.update(user, getTableInfoSoftwareRelease(), bean, bean.getSoftwareReleaseId()); }
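Review bot: The rejection branch in `updateSoftwareRelease` throws without leaving a record, although a request naming a `SoftwareReleaseId` from another folder is exactly the cross-folder edit the new comment describes. Unless the framework already logs `NotFoundException` responses with enough context, log a warning before the `throw` with the user, the container id and the requested id. The file imports `LogHelper`, so a logger is presumably available, though its field name is not visible in this hunk. The `if` and `throw` pair would also be safer with braces, so a later added statement cannot fall outside the guard.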