couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From nsla...@apache.org
Subject git commit: Correcting NEWS and CHANGES discrepancies
Date Wed, 27 Feb 2013 21:50:10 GMT
Updated Branches:
  refs/heads/master f21e7850f -> 52661e048


Correcting NEWS and CHANGES discrepancies


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/52661e04
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/52661e04
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/52661e04

Branch: refs/heads/master
Commit: 52661e048df5b3c2953a93bbd3d88d5f5b554e37
Parents: f21e785
Author: Noah Slater <nslater@apache.org>
Authored: Wed Feb 27 21:50:05 2013 +0000
Committer: Noah Slater <nslater@apache.org>
Committed: Wed Feb 27 21:50:05 2013 +0000

----------------------------------------------------------------------
 CHANGES |   36 ++++++++++++++++++++++++++++++++++--
 NEWS    |    6 ++++++
 2 files changed, 40 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb/blob/52661e04/CHANGES
----------------------------------------------------------------------
diff --git a/CHANGES b/CHANGES
index b70807f..ba3dec5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -221,16 +221,41 @@ Log System:
 Version 1.1.2
 -------------
 
-This version has not been released yet.
+Security:
+
+ * Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped
+   backslashes in URLs on Windows
+ * Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with
+   Adobe Flash
+ * Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon
+   UI
 
 HTTP Interface:
 
  * ETag of attachment changes only when the attachment changes, not
    the document.
+ * Fix retrieval of headers larger than 4k.
+ * Allow OPTIONS HTTP method for list requests.
+ * Don't attempt to encode invalid json.
 
 Replicator:
 
  * Fix pull replication of documents with many revisions.
+ * Fix replication from an HTTP source to an HTTP target.
+
+View Server:
+
+ * Avoid invalidating view indexes when running out of file descriptors.
+
+Log System:
+
+ * Improvements to log messages for file-related errors.
+
+Build System:
+
+ * Don't `ln` the `couchjs` install target on Windows
+ * Remove ICU version dependency on Windows.
+ * Improve SpiderMonkey version detection.
 
 Version 1.1.1
 -------------
@@ -319,7 +344,14 @@ URL Rewriter & Vhosts:
 Version 1.0.4
 -------------
 
-Note that this version has not been released yet.
+Security:
+
+ * Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped
+   backslashes in URLs on Windows
+ * Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with
+   Adobe Flash
+ * Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon
+   UI
 
 Log System:
 

http://git-wip-us.apache.org/repos/asf/couchdb/blob/52661e04/NEWS
----------------------------------------------------------------------
diff --git a/NEWS b/NEWS
index 4978011..a2150f0 100644
--- a/NEWS
+++ b/NEWS
@@ -172,6 +172,12 @@ This release contains backwards incompatible changes.
 Version 1.0.4
 -------------
 
+ * Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped
+   backslashes in URLs on Windows
+ * Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with
+   Adobe Flash
+ * Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon
+   UI
  * Fix file descriptor leak in _log.
  * Fix missing revisions in _changes?style=all_docs.
  * Fix validation of attachment names.


Mime
View raw message