couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Shorin <kxe...@gmail.com>
Subject Re: [VOTE] Release Apache CouchDB 1.6.0-rc.4
Date Mon, 05 May 2014 12:24:32 GMT
1.6.0-rc.4 lacks of two important changes:

HTML escaping for Fauxton:
https://github.com/apache/couchdb/commit/64144cc8bdbc64002bde64394dc8850d3987718c
this is related to recently reported XSS vulnerability COUCHDB-2232

And support of Erlang 17 (well, it's actually multiple commits due to
branch merge and rush master fixing at night):
Merge:
https://github.com/apache/couchdb/commit/296de8b1fe69e66d649294fd0445449b18c49194
Fixes:
https://github.com/apache/couchdb/commit/519a488876323f822eaa77b435b1d28e56fd273a
https://github.com/apache/couchdb/commit/8c07af243e82ea950b8ef27cfa700a4a73f878ab
https://github.com/apache/couchdb/commit/7d29ade0b5b678ce35af184ef6c53824d0b0e250

Also not sure if these PR:
https://github.com/apache/couchdb/pull/223
https://github.com/apache/couchdb/pull/224
not containing any fixes of possible XSS. Robert, are they?

--
,,,^..^,,,


On Mon, May 5, 2014 at 3:40 PM, Dirkjan Ochtman <djc@apache.org> wrote:
> Dear community,
>
> Due to test failures in rc.3, I would like to release Apache CouchDB
> 1.6.0-rc.4. Special thanks to Alexander for doing a lot of
> investigation into the failures and whipping rc.4 into shipping.
>
> Changes since last round:
>
>  * https://git-wip-us.apache.org/repos/asf?p=couchdb.git;a=shortlog;h=refs/heads/1.6.x
>
> We encourage the whole community to download and test these release
> artefacts so that any critical issues can be resolved before the
> release is made. Everyone is free to vote on this release, so get
> stuck in!
>
> The release artefacts we are voting on are available here:
>
>     wget https://dist.apache.org/repos/dist/dev/couchdb/source/1.6.0/rc.4/apache-couchdb-1.6.0.tar.gz
>     wget https://dist.apache.org/repos/dist/dev/couchdb/source/1.6.0/rc.4/apache-couchdb-1.6.0.tar.gz.asc
>     wget https://dist.apache.org/repos/dist/dev/couchdb/source/1.6.0/rc.4/apache-couchdb-1.6.0.tar.gz.ish
>     wget https://dist.apache.org/repos/dist/dev/couchdb/source/1.6.0/rc.4/apache-couchdb-1.6.0.tar.gz.md5
>     wget https://dist.apache.org/repos/dist/dev/couchdb/source/1.6.0/rc.4/apache-couchdb-1.6.0.tar.gz.sha
>
> Please follow the test procedure here:
>
>     http://wiki.apache.org/couchdb/Test_procedure
>
> Please remember that "rc.4" is an annotation. If the vote passes,
> these artefacts will be released as Apache CouchDB 1.6.0.
>
> Please cast your votes now.
>
> Thanks,
>
> Dirkjan

Mime
View raw message