Return-Path:
Delivered-To: apmail-cocoon-cvs-archive@www.apache.org
Received: (qmail 10355 invoked from network); 2 Sep 2003 16:37:37 -0000
Received: from daedalus.apache.org (HELO apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 2 Sep 2003 16:37:37 -0000
Received: (qmail 93939 invoked by uid 500); 2 Sep 2003 16:37:28 -0000
Delivered-To: apmail-cocoon-cvs-archive@cocoon.apache.org
Received: (qmail 93860 invoked by uid 500); 2 Sep 2003 16:37:27 -0000
Mailing-List: contact cvs-help@cocoon.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@cocoon.apache.org
list-help:
list-unsubscribe:
list-post:
Delivered-To: mailing list cvs@cocoon.apache.org
Received: (qmail 93846 invoked by uid 500); 2 Sep 2003 16:37:26 -0000
Delivered-To: apmail-cocoon-2.1-cvs@apache.org
Received: (qmail 93837 invoked from network); 2 Sep 2003 16:37:26 -0000
Received: from unknown (HELO minotaur.apache.org) (209.237.227.194) by daedalus.apache.org with SMTP; 2 Sep 2003 16:37:26 -0000
Received: (qmail 7753 invoked by uid 1318); 2 Sep 2003 16:30:46 -0000
Date: 2 Sep 2003 16:30:46 -0000
Message-ID: <20030902163046.7751.qmail@minotaur.apache.org>
From: sylvain@apache.org
To: cocoon-2.1-cvs@apache.org
Subject: cvs commit: cocoon-2.1/src/documentation/xdocs index.xml
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

sylvain 2003/09/02 09:30:46

Modified: src/documentation/xdocs index.xml
Log:
Added security warning and related update instructions

Revision Changes Path
1.8 +19 -0 cocoon-2.1/src/documentation/xdocs/index.xml

Index: index.xml =================================================================== RCS file: /home/cvs/cocoon-2.1/src/documentation/xdocs/index.xml,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- index.xml 12 Aug 2003 10:42:38 -0000 1.7 +++ index.xml 2 Sep 2003 16:30:46 -0000 1.8 @@ -10,6 +10,25 @@
+ +

Security warning: A major security hole has been found in XMLForm and JXForm that + can allow forged requests to execute arbitrary Java code on the server. This affects Cocoon 2.1 only + (not the 2.0.x versions). +

+

+ As of 2003-09-03, this hole has been fixed in the latest CVS and a new version will be + released very soon. In the meantime, if you use XMLForm or JXForms, we urge you to update + the following source files and rebuild your Cocoon distribution: +

    +
  • XMLForm - in src/blocks/xmlform/java/org/apache/cocoon/components/xmlform: + update Form.java +
  • +
  • JXForms - in src/blocks/jxforms/java/org/apache/cocoon/components/jxforms/xmlform: + update Form.java +
  • +
+

+

Apache Cocoon is a web development framework built around the concepts of
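
Review bot: The second added paragraph dates the fix "As of 2003-09-03", but this revision's own header is 2 Sep 2003 16:30:46, so the published page would state a date one day later than the commit; use the commit date or drop the date. The first paragraph names the block "JXForm" while the second paragraph and the list item use "JXForms"; pick one spelling (the path is src/blocks/jxforms) so users can tell whether they are affected. Both list items say only "update Form.java" without naming the revision that carries the fix; stating the fixed revision of each file would let readers confirm they rebuilt from patched source rather than an older checkout.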