db-derby-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rhille...@apache.org
Subject svn commit: r946174 - in /db/derby/site/trunk: build/site/releases/release-10.6.1.0.html src/documentation/content/xdocs/releases/release-10.6.1.0.html
Date Wed, 19 May 2010 13:15:36 GMT
Author: rhillegas
Date: Wed May 19 13:15:36 2010
New Revision: 946174

URL: http://svn.apache.org/viewvc?rev=946174&view=rev
Log:
DERBY-4593: Correct problems with the 10.6.1.0 release notes on the website.

Modified:
    db/derby/site/trunk/build/site/releases/release-10.6.1.0.html
    db/derby/site/trunk/src/documentation/content/xdocs/releases/release-10.6.1.0.html

Modified: db/derby/site/trunk/build/site/releases/release-10.6.1.0.html
URL: http://svn.apache.org/viewvc/db/derby/site/trunk/build/site/releases/release-10.6.1.0.html?rev=946174&r1=946173&r2=946174&view=diff
==============================================================================
--- db/derby/site/trunk/build/site/releases/release-10.6.1.0.html (original)
+++ db/derby/site/trunk/build/site/releases/release-10.6.1.0.html Wed May 19 13:15:36 2010
@@ -929,7 +929,7 @@ document.write("Last Published: " + docu
 <td><a class="external" href="https://issues.apache.org/jira/browse/DERBY-4359">DERBY-4359</a></td><td>DERBY-4358</td>
 </tr>
 <tr>
-<td><a class="external" href="https://issues.apache.org/jira/browse/DERBY-4356">DERBY-4356</a></td><td>testStartStopManagementFromApplication(org.apache.derbyTesting.functionTests.tests.management.ManagementMBeanTest)junit.framework.AssertionFailedError:
expected:&amp;lt;2&amp;gt; but was:&amp;lt;%&amp;gt;</td>
+<td><a class="external" href="https://issues.apache.org/jira/browse/DERBY-4356">DERBY-4356</a></td><td>testStartStopManagementFromApplication(org.apache.derbyTesting.functionTests.tests.management.ManagementMBeanTest)junit.framework.AssertionFailedError:
expected:(2) but was:(%)</td>
 </tr>
 <tr>
 <td><a class="external" href="https://issues.apache.org/jira/browse/DERBY-4355">DERBY-4355</a></td><td>Implement
CROSS JOIN</td>
@@ -983,7 +983,7 @@ document.write("Last Published: " + docu
 <td><a class="external" href="https://issues.apache.org/jira/browse/DERBY-4304">DERBY-4304</a></td><td>Network
Server shutdown should handle exceptions and finish the server shutdown completely</td>
 </tr>
 <tr>
-<td><a class="external" href="https://issues.apache.org/jira/browse/DERBY-4297">DERBY-4297</a></td><td>'compilation
time did not compute (0,0,0,0) expected:&amp;lt;16&amp;gt; but was:&amp;lt;0&amp;gt;'
in testGroupBySortProps(....tests.lang.XplainStatisticsTest)</td>
+<td><a class="external" href="https://issues.apache.org/jira/browse/DERBY-4297">DERBY-4297</a></td><td>'compilation
time did not compute (0,0,0,0) expected:(16) but was:(0)' in testGroupBySortProps(....tests.lang.XplainStatisticsTest)</td>
 </tr>
 <tr>
 <td><a class="external" href="https://issues.apache.org/jira/browse/DERBY-4293">DERBY-4293</a></td><td>Mutable
public static variables</td>
@@ -1076,7 +1076,7 @@ document.write("Last Published: " + docu
 <td><a class="external" href="https://issues.apache.org/jira/browse/DERBY-4106">DERBY-4106</a></td><td>The
Reference Gulde claims that the INTEGER function can be applied to dates and times</td>
 </tr>
 <tr>
-<td><a class="external" href="https://issues.apache.org/jira/browse/DERBY-4102">DERBY-4102</a></td><td>Assert
failure or ClassCastException in EmbedBlob when retrieving BLOB &amp;gt;= 32K</td>
+<td><a class="external" href="https://issues.apache.org/jira/browse/DERBY-4102">DERBY-4102</a></td><td>Assert
failure or ClassCastException in EmbedBlob when retrieving BLOB )= 32K</td>
 </tr>
 <tr>
 <td><a class="external" href="https://issues.apache.org/jira/browse/DERBY-4092">DERBY-4092</a></td><td>You
should not be able to invoke a table function as a scalar function</td>
@@ -1277,15 +1277,15 @@ document.write("Last Published: " + docu
 <td><a class="external" href="https://issues.apache.org/jira/browse/DERBY-482">DERBY-482</a></td><td>GENERATED
BY DEFAULT option should be documented in Derby Tools and Utilities guide under "Importing
into tables with identity columns" section.</td>
 </tr>
 <tr>
-<td><a class="external" href="https://issues.apache.org/jira/browse/DERBY-151">DERBY-151</a></td><td>Thread
termination -&amp;gt; XSDG after operation is 'complete'</td>
+<td><a class="external" href="https://issues.apache.org/jira/browse/DERBY-151">DERBY-151</a></td><td>Thread
termination -) XSDG after operation is 'complete'</td>
 </tr>
 </table>
 <a name="N107F8"></a><a name="Fix+for+Security+Bug+CVE-2009-4269"></a>
 <h3 class="boxed">Fix for Security Bug CVE-2009-4269</h3>
-<p>Derby 10.6.1.0 also fixes a security flaw tracked by the Apache Common Vulnerabilities
and Exposures id "CVE-2009-4269". This flaw made it easy to crack passwords managed by Derby's
BUILTIN authentication logic. Originally, the BUILTIN logic was intended only for testing
purposes. However, Derby's user documentation suggested that this scheme was production-ready
and it appears that many users rely on BUILTIN authentication in production. Tracked by <a
href="#Note for DERBY-4483">DERBY-4483</a>, the flaw is addressed as follows:</p>
+<p>Derby 10.6.1.0 also fixes a security flaw tracked by the Apache Common Vulnerabilities
and Exposures id "CVE-2009-4269". This flaw made it easy to crack passwords managed by Derby's
BUILTIN authentication logic. Originally, the BUILTIN logic was intended only for testing
purposes. However, Derby's user documentation suggested that this scheme was production-ready
and it appears that many users rely on BUILTIN authentication in production. Tracked by DERBY-4483,
the flaw is addressed as follows:</p>
 <ol>
 <li>The bug itself is corrected for newly created 10.6 databases.</li>
-<li>Password substitution is not allowed when logging into a database where the bug
is corrected and BUILTIN passwords are stored in the database. See the release note for <a
href="#N1089B">DERBY-4483</a>.</li>
+<li>Password substitution is not allowed when logging into a database where the bug
is corrected and BUILTIN passwords are stored in the database. See the release note for DERBY-4483
below.</li>
 <li>Derby's default password-hashing scheme is changed from SHA-1 to SHA-256, which
is harder to crack.</li>
 <li>The user guides are glossed with warnings against production use of the BUILTIN
authentication mechanism.</li>
 </ol>
@@ -1299,50 +1299,26 @@ document.write("Last Published: " + docu
 </ul>
 </li>
 </ol>
-<a name="N1081F"></a><a name="Issues"></a>
+<a name="N10817"></a><a name="Issues"></a>
 <h3 class="boxed">Issues</h3>
 <p>Compared with the previous release (10.5.3.0), Derby release 10.6.1.0 introduces
the following new features and incompatibilities. These merit your special attention.</p>
 <ul>
-<li>
-<a href="#Note for DERBY-4602"></a>
-<p>Note for DERBY-4602: Default hash algorithm for BUILTIN authentication changed to
SHA-256</p>
-</li>
-<li>
-<a href="#Note for DERBY-4483"></a>
-<p>Note for DERBY-4483: Strong password substitution cannot be used with new defaults
for BUILTIN authentication.</p>
-</li>
-<li>
-<a href="#Note for DERBY-4432"></a>
-<p>Note for DERBY-4432: The in-memory back end will no longer create a database if
the virtual database directory already exists.</p>
-</li>
-<li>
-<a href="#Note for DERBY-4380"></a>
-<p>Note for DERBY-4380: Changed error code and message when referencing column not
in scope in ON clause.</p>
-</li>
-<li>
-<a href="#Note for DERBY-4355"></a>
-<p>Note for DERBY-4355: CROSS is now a reserved keyword and cannot be used as an unquoted
identifier.</p>
-</li>
-<li>
-<a href="#Note for DERBY-4191"></a>
-<p>Note for DERBY-4191: Some queries require additional SELECT privileges now.</p>
-</li>
-<li>
-<a href="#Note for DERBY-3844"></a>
-<p>Note for DERBY-3844: Applications may no longer obtain a LOB object, or a <tt>Reader</tt>
or an <tt>InputStream</tt>, from the same column more than once per row.</p>
-</li>
-<li>
-<a href="#Note for DERBY-2769"></a>
-<p>Note for DERBY-2769: Comprehensive validity checks for the parameters of <tt>Clob.setString</tt>
have been introduced.</p>
-</li>
+<li>Note for DERBY-4602: Default hash algorithm for BUILTIN authentication changed
to SHA-256</li>
+<li>Note for DERBY-4483: Strong password substitution cannot be used with new defaults
for BUILTIN authentication.</li>
+<li>Note for DERBY-4432: The in-memory back end will no longer create a database if
the virtual database directory already exists.</li>
+<li>Note for DERBY-4380: Changed error code and message when referencing column not
in scope in ON clause.</li>
+<li>Note for DERBY-4355: CROSS is now a reserved keyword and cannot be used as an unquoted
identifier.</li>
+<li>Note for DERBY-4191: Some queries require additional SELECT privileges now.</li>
+<li>Note for DERBY-3844: Applications may no longer obtain a LOB object, or a <tt>Reader</tt>
or an <tt>InputStream</tt>, from the same column more than once per row.</li>
+<li>Note for DERBY-2769: Comprehensive validity checks for the parameters of <tt>Clob.setString</tt>
have been introduced.</li>
 </ul>
 <hr>
-<a name="N1085A"></a><a name="Note+for+DERBY-4602"></a>
+<a name="N1083A"></a><a name="Note+for+DERBY-4602"></a>
 <h4>Note for DERBY-4602</h4>
-<a name="N10860"></a><a name="Summary+of+Change"></a>
+<a name="N10840"></a><a name="Summary+of+Change"></a>
 <h5>Summary of Change</h5>
 <p>Default hash algorithm for BUILTIN authentication changed to SHA-256</p>
-<a name="N10866"></a><a name="Symptoms+Seen+by+Applications+Affected+by+Change"></a>
+<a name="N10846"></a><a name="Symptoms+Seen+by+Applications+Affected+by+Change"></a>
 <h5>Symptoms Seen by Applications Affected by Change</h5>
 <p>If a database that uses BUILTIN authentication is opened on a platform that does
not support the new default hash algorithm (SHA-256), the following exception may be seen
when connecting to the database or when setting the password for a user:</p>
 <pre>ERROR XBCXW: The message digest algorithm 'SHA-256' is not supported
@@ -1351,22 +1327,22 @@ cryptography provider that supports that
 algorithm in the derby.authentication.builtin.algorithm property.
 </pre>
 <p>The default algorithm is initialized to SHA-256 when the database is created. However,
if SHA-256 is not available, it is initialized to the old default (SHA-1) instead. The error
message above should therefore only be seen if the database was created on a platform that
supports SHA-256 and opened on a platform that doesn't support SHA-256.</p>
-<a name="N10870"></a><a name="Incompatibilities+with+Previous+Release"></a>
+<a name="N10850"></a><a name="Incompatibilities+with+Previous+Release"></a>
 <h5>Incompatibilities with Previous Release</h5>
 <p>Databases created on a platform with support for the new default algorithm (SHA-256)
may now require some changes before they can be used together with BUILTIN authentication
on platforms that don't support the new algorithm. In previous releases, differences in the
set of supported hash algorithms did not cause a need for changes when moving databases across
platforms.</p>
-<a name="N10876"></a><a name="Rationale+for+Change"></a>
+<a name="N10856"></a><a name="Rationale+for+Change"></a>
 <h5>Rationale for Change</h5>
 <p>The default algorithm in previous releases (SHA-1) is not considered secure enough
for most uses by U.S. government agencies. SHA-256 is widely recognized as more secure than
SHA-1 and is therefore used as the default if the platform on which the database is created
supports the algorithm.</p>
-<a name="N1087C"></a><a name="Application+Changes+Required"></a>
+<a name="N1085C"></a><a name="Application+Changes+Required"></a>
 <h5>Application Changes Required</h5>
 <p>If a database cannot be used on a platform because of this issue, one of the following
steps must be taken:</p>
-<a name="N10882"></a><a name="Alternative+1"></a>
+<a name="N10862"></a><a name="Alternative+1"></a>
 <h5>Alternative 1</h5>
 <p>Recreate the database on the platform that doesn't support SHA-256. The new database
will use the more widely available SHA-1 algorithm as default.</p>
-<a name="N10888"></a><a name="Alternative+2"></a>
+<a name="N10868"></a><a name="Alternative+2"></a>
 <h5>Alternative 2</h5>
 <p>Install a Java Cryptography Extension (JCE) Provider that supports the SHA-256 algorithm.</p>
-<a name="N1088E"></a><a name="Alternative+3"></a>
+<a name="N1086E"></a><a name="Alternative+3"></a>
 <h5>Alternative 3</h5>
 <p>On the platform on which the database was created, change the default algorithm
to SHA-1 (or to some other algorithm known to be supported on the target platform) by executing
the following SQL statement:</p>
 <pre>CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
@@ -1377,12 +1353,12 @@ algorithm in the derby.authentication.bu
         'derby.user.alice, 'secret)
 </pre>
 <hr>
-<a name="N1089B"></a><a name="Note+for+DERBY-4483"></a>
+<a name="N1087B"></a><a name="Note+for+DERBY-4483"></a>
 <h4>Note for DERBY-4483</h4>
-<a name="N108A1"></a><a name="Summary+of+Change-N108A1"></a>
+<a name="N10881"></a><a name="Summary+of+Change-N10881"></a>
 <h5>Summary of Change</h5>
 <p>Strong password substitution cannot be used with new defaults for BUILTIN authentication.</p>
-<a name="N108A7"></a><a name="Symptoms+Seen+by+Applications+Affected+by+Change-N108A7"></a>
+<a name="N10887"></a><a name="Symptoms+Seen+by+Applications+Affected+by+Change-N10887"></a>
 <h5>Symptoms Seen by Applications Affected by Change</h5>
 <p>In a database created with the new version of Derby, the BUILTIN authentication
provider will by default store passwords in a way that's not compatible with the strong password
substitution security mechanism. Applications that attempt to connect to the database using
the Derby network client driver with <tt>securityMechanism=8</tt> in the connection
URL, will therefore fail to connect. The connection attempt will be refused with the following
error message:</p>
 <pre>ERROR 08004: DERBY SQL error: SQLCODE: -1, SQLSTATE: 08004, SQLERRMC:
@@ -1392,20 +1368,20 @@ scheme which is not compatible with the 
 security mechanism. If this error started after upgrade, refer to the
 release note for DERBY-4483 for options.
 </pre>
-<a name="N108B2"></a><a name="Incompatibilities+with+Previous+Release-N108B2"></a>
+<a name="N10892"></a><a name="Incompatibilities+with+Previous+Release-N10892"></a>
 <h5>Incompatibilities with Previous Release</h5>
 <p>Applications that use BUILTIN authentication and the strong password substitution
security mechanism will not be able to establish connections to the database if the database
uses the new defaults for BUILTIN authentication.</p>
 <p>Only databases created with the new version of Derby will automatically use the
new defaults. Databases upgraded from previous versions of Derby will continue to use the
old defaults, and they will not be affected unless the settings for BUILTIN authentication
are changed manually to enable the new behaviour.</p>
-<a name="N108BA"></a><a name="Rationale+for+Change-N108BA"></a>
+<a name="N1089A"></a><a name="Rationale+for+Change-N1089A"></a>
 <h5>Rationale for Change</h5>
 <p>The default BUILTIN authentication scheme used in previous releases has a weakness
that makes it vulnerable to attacks. In the new release, an alternative BUILTIN authentication
scheme without this vulnerability has been added. Despite this new scheme's incompatibility
with strong password substitution, it was made the default for databases created with the
new release of Derby in order to improve out-of-the-box security.</p>
-<a name="N108C0"></a><a name="Application+Changes+Required-N108C0"></a>
+<a name="N108A0"></a><a name="Application+Changes+Required-N108A0"></a>
 <h5>Application Changes Required</h5>
 <p>Applications that are affected by this incompatibility can be made to work by making
one of the following changes:</p>
-<a name="N108C6"></a><a name="Alternative+1%3A+Use+another+security+mechanism"></a>
+<a name="N108A6"></a><a name="Alternative+1%3A+Use+another+security+mechanism"></a>
 <h5>Alternative 1: Use another security mechanism</h5>
 <p>You can switch to another security mechanism by changing the value of the <tt>securityMechanism</tt>
connection attribute. Only the strong password substitution security mechanism is incompatible
with the new BUILTIN authentication. Note that if you pick one of the security mechanisms
that send your credentials unencrypted over the network, you may want to enable network encryption
and authentication with SSL/TLS. Details about how to change security mechanisms and how to
enable SSL/TLS can be found in the Derby Server and Administration Guide.</p>
-<a name="N108CF"></a><a name="Alternative+2%3A+Revert+to+the+old+BUILTIN+authentication+behaviour"></a>
+<a name="N108AF"></a><a name="Alternative+2%3A+Revert+to+the+old+BUILTIN+authentication+behaviour"></a>
 <h5>Alternative 2: Revert to the old BUILTIN authentication behaviour</h5>
 <p>It is possible to revert to the old behaviour for BUILTIN authentication, which
will make it possible to connect when using the strong password substitution security mechanism.
To revert to the old behaviour, set the database property <tt>derby.authentication.builtin.algorithm</tt>
to <tt>NULL</tt> (or to an empty string) by executing this SQL statement:</p>
 <pre>CALL SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY(
@@ -1413,12 +1389,12 @@ release note for DERBY-4483 for options.
 </pre>
 <p>If you have created any users before setting the above property to <tt>NULL</tt>,
you will also need to set the passwords for all those users again to ensure that they are
stored using the old format, since setting this property does not change how any existing
passwords are stored. Users whose passwords are stored using the old format will be able to
connect to the database with strong password substitution.</p>
 <hr>
-<a name="N108E3"></a><a name="Note+for+DERBY-4432"></a>
+<a name="N108C3"></a><a name="Note+for+DERBY-4432"></a>
 <h4>Note for DERBY-4432</h4>
-<a name="N108E9"></a><a name="Summary+of+Change-N108E9"></a>
+<a name="N108C9"></a><a name="Summary+of+Change-N108C9"></a>
 <h5>Summary of Change</h5>
 <p>The in-memory back end will no longer create a database if the virtual database
directory already exists.</p>
-<a name="N108EF"></a><a name="Symptoms+Seen+by+Applications+Affected+by+Change-N108EF"></a>
+<a name="N108CF"></a><a name="Symptoms+Seen+by+Applications+Affected+by+Change-N108CF"></a>
 <h5>Symptoms Seen by Applications Affected by Change</h5>
 <p>If database 'memory:/tmp/a/myDB' already exists, an attempt to create 'memory:/tmp/a'
results in:</p>
 <pre>ERROR XJ041: Failed to create database 'memory:/tmp/a', see the next exception
for details.
@@ -1426,23 +1402,23 @@ ERROR XBM0J: Directory memory:/tmp/a alr
 </pre>
 <br>
 <br>
-<a name="N108F9"></a><a name="Incompatibilities+with+Previous+Release-N108F9"></a>
+<a name="N108D9"></a><a name="Incompatibilities+with+Previous+Release-N108D9"></a>
 <h5>Incompatibilities with Previous Release</h5>
 <p>If two (or more) in-memory databases are created, the application may fail to create
the second database if the database paths are overlapping.</p>
-<a name="N108FF"></a><a name="Rationale+for+Change-N108FF"></a>
+<a name="N108DF"></a><a name="Rationale+for+Change-N108DF"></a>
 <h5>Rationale for Change</h5>
 <p>The fix makes the in-memory and the on-disk back ends consistent on this matter,
and the change also fixes a memory leak when trying to boot a large number of non-existing
in-memory databases (see <a class="external" href="https://issues.apache.org/jira/browse/DERBY-4432">DERBY-4432</a>).</p>
-<a name="N10909"></a><a name="Application+Changes+Required-N10909"></a>
+<a name="N108E9"></a><a name="Application+Changes+Required-N108E9"></a>
 <h5>Application Changes Required</h5>
 <p>Adjust the paths of the in-memory databases if required. In some cases it may be
sufficient to reorder the database creations, but this is not recommended as it would potentially
have severe side-effects with the on-disk back end (a database nested within another database).</p>
 <p>There is no way to revert to the old behavior.</p>
 <hr>
-<a name="N10912"></a><a name="Note+for+DERBY-4380"></a>
+<a name="N108F2"></a><a name="Note+for+DERBY-4380"></a>
 <h4>Note for DERBY-4380</h4>
-<a name="N10918"></a><a name="Summary+of+Change-N10918"></a>
+<a name="N108F8"></a><a name="Summary+of+Change-N108F8"></a>
 <h5>Summary of Change</h5>
 <p>Changed error code and message when referencing column not in scope in ON clause.</p>
-<a name="N1091E"></a><a name="Symptoms+Seen+by+Applications+Affected+by+Change-N1091E"></a>
+<a name="N108FE"></a><a name="Symptoms+Seen+by+Applications+Affected+by+Change-N108FE"></a>
 <h5>Symptoms Seen by Applications Affected by Change</h5>
 <p>In the previous releases, SQL statements that referenced columns that were not in
scope in the ON clause of a JOIN, would under certain conditions fail with the following SQLState
and message:</p>
 <pre>ERROR 42972: An ON clause associated with a JOIN operator is not valid.
@@ -1450,41 +1426,41 @@ ERROR XBM0J: Directory memory:/tmp/a alr
 <p>Now, the statements that used to fail with that message will instead fail with the
following SQLState and message:</p>
 <pre>ERROR 42X04: Column 'T1.X' is either not in any table in the FROM list or appears
within a join specification and is outside the scope of the join specification or appears
in a HAVING clause and is not in the GROUP BY list. If this is a CREATE or ALTER TABLE  statement
then 'T1.X' is not a column in the target table.
 </pre>
-<a name="N1092A"></a><a name="Rationale+for+Change-N1092A"></a>
+<a name="N1090A"></a><a name="Rationale+for+Change-N1090A"></a>
 <h5>Rationale for Change</h5>
 <p>This change was necessary because the code that decided which of the two errors
to raise, contained some logic that was not compatible with the introduction of sub-queries
in ON clauses. Additionally, the new message makes it easier to see what is the problem with
the statement, as it mentions both why the ON clause is invalid and the name of the column
that is out of scope.</p>
-<a name="N10930"></a><a name="Application+Changes+Required-N10930"></a>
+<a name="N10910"></a><a name="Application+Changes+Required-N10910"></a>
 <h5>Application Changes Required</h5>
 <p>Applications that check for SQLState <span class="codefrag">42972</span>
when SQLExceptions are raised, should now check for SQLState <span class="codefrag">42X04</span>
instead.</p>
 <hr>
-<a name="N1093D"></a><a name="Note+for+DERBY-4355"></a>
+<a name="N1091D"></a><a name="Note+for+DERBY-4355"></a>
 <h4>Note for DERBY-4355</h4>
-<a name="N10943"></a><a name="Summary+of+Change-N10943"></a>
+<a name="N10923"></a><a name="Summary+of+Change-N10923"></a>
 <h5>Summary of Change</h5>
 <p>CROSS is now a reserved keyword and cannot be used as an unquoted identifier.</p>
-<a name="N10949"></a><a name="Symptoms+Seen+by+Applications+Affected+by+Change-N10949"></a>
+<a name="N10929"></a><a name="Symptoms+Seen+by+Applications+Affected+by+Change-N10929"></a>
 <h5>Symptoms Seen by Applications Affected by Change</h5>
 <p>In previous releases of Derby, CROSS was not a reserved keyword, so applications
could use CROSS as an identifier without quoting it. Applications that use CROSS as an identifier
(for instance to name tables, views, columns, functions or procedures) and don't quote it,
will now see errors similar to this one:</p>
 <pre>ERROR 42X01: Syntax error: Encountered "cross" at line 1, column 15.
 </pre>
-<a name="N10951"></a><a name="Incompatibilities+with+Previous+Release-N10951"></a>
+<a name="N10931"></a><a name="Incompatibilities+with+Previous+Release-N10931"></a>
 <h5>Incompatibilities with Previous Release</h5>
 <p>Applications that use CROSS as an unquoted identifier will experience syntax errors.</p>
-<a name="N10957"></a><a name="Rationale+for+Change-N10957"></a>
+<a name="N10937"></a><a name="Rationale+for+Change-N10937"></a>
 <h5>Rationale for Change</h5>
 <p>CROSS was made a reserved keyword in order to support the CROSS JOIN operator. Also,
the SQL:2003 standard defines CROSS as a reserved keyword, so applications that use it as
an unquoted identifier are not portable.</p>
-<a name="N1095D"></a><a name="Application+Changes+Required-N1095D"></a>
+<a name="N1093D"></a><a name="Application+Changes+Required-N1093D"></a>
 <h5>Application Changes Required</h5>
 <p>SQL statements where CROSS is used as an unquoted identifier must be rewritten so
that CROSS is enclosed in double quotes.</p>
 <p>Examples:</p>
 <p>The statement <span class="codefrag">create table cross(x int)</span>
must be rewritten to <span class="codefrag">create table "CROSS"(x int)</span>.
Similarly, the statement <span class="codefrag">select * from cross</span> will
have to be rewritten to <span class="codefrag">select * from "CROSS"</span>.</p>
 <hr>
-<a name="N10974"></a><a name="Note+for+DERBY-4191"></a>
+<a name="N10954"></a><a name="Note+for+DERBY-4191"></a>
 <h4>Note for DERBY-4191</h4>
-<a name="N1097A"></a><a name="Summary+of+Change-N1097A"></a>
+<a name="N1095A"></a><a name="Summary+of+Change-N1095A"></a>
 <h5>Summary of Change</h5>
 <p>Some queries require additional SELECT privileges now.</p>
-<a name="N10980"></a><a name="Symptoms+Seen+by+Applications+Affected+by+Change-N10980"></a>
+<a name="N10960"></a><a name="Symptoms+Seen+by+Applications+Affected+by+Change-N10960"></a>
 <h5>Symptoms Seen by Applications Affected by Change</h5>
 <p>In previous releases, certain queries incorrectly succeeded when the user lacked
sufficient SELECT privileges. For instance, the following query succeeded even if the user
did not have SELECT privilege on the table:</p>
 <pre>    select 1 from anotheruser.table1
@@ -1492,22 +1468,22 @@ ERROR XBM0J: Directory memory:/tmp/a alr
 <p>And the following query succeeded if the user had UPDATE but not SELECT privilege
on the column:</p>
 <pre>    update anotheruser.table1 set a = ( select max(a) + 2 from anotheruser.table1
); 
 </pre>
-<a name="N1098C"></a><a name="Incompatibilities+with+Previous+Release-N1098C"></a>
+<a name="N1096C"></a><a name="Incompatibilities+with+Previous+Release-N1096C"></a>
 <h5>Incompatibilities with Previous Release</h5>
 <p>Now Derby raises a SQLException for those situations. For the first query above,
the user must now enjoy SELECT privilege on at least one column in the table. For the second
query, the user must now enjoy SELECT as well as UPDATE privilege on the affected column.</p>
-<a name="N10992"></a><a name="Rationale+for+Change-N10992"></a>
+<a name="N10972"></a><a name="Rationale+for+Change-N10972"></a>
 <h5>Rationale for Change</h5>
 <p>The old behavior violated the SQL Standard. The new behavior is correct.</p>
-<a name="N10998"></a><a name="Application+Changes+Required-N10998"></a>
+<a name="N10978"></a><a name="Application+Changes+Required-N10978"></a>
 <h5>Application Changes Required</h5>
 <p>Database Administrators may need to grant users additional SELECT privileges.</p>
 <hr>
-<a name="N1099F"></a><a name="Note+for+DERBY-3844"></a>
+<a name="N1097F"></a><a name="Note+for+DERBY-3844"></a>
 <h4>Note for DERBY-3844</h4>
-<a name="N109A5"></a><a name="Summary+of+Change-N109A5"></a>
+<a name="N10985"></a><a name="Summary+of+Change-N10985"></a>
 <h5>Summary of Change</h5>
 <p>Applications may no longer obtain a LOB object, or a <tt>Reader</tt>
or an <tt>InputStream</tt>, from the same column more than once per row.</p>
-<a name="N109B1"></a><a name="Symptoms+Seen+by+Applications+Affected+by+Change-N109B1"></a>
+<a name="N10991"></a><a name="Symptoms+Seen+by+Applications+Affected+by+Change-N10991"></a>
 <h5>Symptoms Seen by Applications Affected by Change</h5>
 <p>Derby will throw an exception with SQLState XCL18 (carrying the message "Stream
or LOB value cannot be retrieved more than once") when any of the following result set methods
are invoked for the second time on a given column on a row:</p>
 <ul>
@@ -1520,22 +1496,22 @@ ERROR XBM0J: Directory memory:/tmp/a alr
 </ul>
 <br>
 <br>
-<a name="N109C6"></a><a name="Incompatibilities+with+Previous+Release-N109C6"></a>
+<a name="N109A6"></a><a name="Incompatibilities+with+Previous+Release-N109A6"></a>
 <h5>Incompatibilities with Previous Release</h5>
 <p>Applications which obtain two LOB objects from the same result set column on a row
now fail.</p>
-<a name="N109CC"></a><a name="Rationale+for+Change-N109CC"></a>
+<a name="N109AC"></a><a name="Rationale+for+Change-N109AC"></a>
 <h5>Rationale for Change</h5>
 <p>Obtaining several LOB objects from the same column causes resource management problems
and intermittent errors (see <a class="external" href="https://issues.apache.org/jira/browse/DERBY-3844">DERBY-3844</a>
for a description). The change is in line with the maximum portability statement found in
the JavaDoc for <tt>java.sql.ResultSet</tt>.</p>
-<a name="N109D9"></a><a name="Application+Changes+Required-N109D9"></a>
+<a name="N109B9"></a><a name="Application+Changes+Required-N109B9"></a>
 <h5>Application Changes Required</h5>
 <p>Users must recode applications which obtain multiple LOB objects (<tt>java.sql.Blob</tt>
or <tt>java.sql.Clob</tt>) on the same column. Note that for instance <tt>getCharacterStream(1)</tt>
followed by <tt>getClob(1)</tt> will also raise the exception.</p>
 <hr>
-<a name="N109EC"></a><a name="Note+for+DERBY-2769"></a>
+<a name="N109CC"></a><a name="Note+for+DERBY-2769"></a>
 <h4>Note for DERBY-2769</h4>
-<a name="N109F2"></a><a name="Summary+of+Change-N109F2"></a>
+<a name="N109D2"></a><a name="Summary+of+Change-N109D2"></a>
 <h5>Summary of Change</h5>
 <p>Comprehensive validity checks for the parameters of <tt>Clob.setString</tt>
have been introduced.</p>
-<a name="N109FB"></a><a name="Symptoms+Seen+by+Applications+Affected+by+Change-N109FB"></a>
+<a name="N109DB"></a><a name="Symptoms+Seen+by+Applications+Affected+by+Change-N109DB"></a>
 <h5>Symptoms Seen by Applications Affected by Change</h5>
 <p>There are three possible symptoms, all observable when invoking <tt>Clob.setString</tt>:</p>
 <ol>
@@ -1545,7 +1521,7 @@ ERROR XBM0J: Directory memory:/tmp/a alr
 </ol>
 <br>
 <br>
-<a name="N10A10"></a><a name="Incompatibilities+with+Previous+Release-N10A10"></a>
+<a name="N109F0"></a><a name="Incompatibilities+with+Previous+Release-N109F0"></a>
 <h5>Incompatibilities with Previous Release</h5>
 <p></p>
 <ol>
@@ -1560,10 +1536,10 @@ ERROR XBM0J: Directory memory:/tmp/a alr
 </ol>
 <br>
 <br>
-<a name="N10A31"></a><a name="Rationale+for+Change-N10A31"></a>
+<a name="N10A11"></a><a name="Rationale+for+Change-N10A11"></a>
 <h5>Rationale for Change</h5>
 <p>Make the parameter checking comply with the <tt>JDBC</tt> specification.</p>
-<a name="N10A3A"></a><a name="Application+Changes+Required-N10A3A"></a>
+<a name="N10A1A"></a><a name="Application+Changes+Required-N10A1A"></a>
 <h5>Application Changes Required</h5>
 <p>The following rules must be followed to avoid exceptions being raised when invoking
<tt>Clob.setString</tt>:</p>
 <ol>
@@ -1578,7 +1554,7 @@ ERROR XBM0J: Directory memory:/tmp/a alr
 </ol>
 <br>
 <br>
-<a name="N10A5F"></a><a name="Build+Environment"></a>
+<a name="N10A3F"></a><a name="Build+Environment"></a>
 <h3 class="boxed">Build Environment</h3>
 <p>Derby release 10.6.1.0 was built using the following environment:</p>
 <ul>
@@ -1597,7 +1573,7 @@ ERROR XBM0J: Directory memory:/tmp/a alr
 <li>
 <strong>JSR 169</strong> - J2ME support was built using libraries from phoneME
Advanced Milestone Release 2.</li>
 </ul>
-<a name="N10A84"></a><a name="Verifying+releases"></a>
+<a name="N10A64"></a><a name="Verifying+releases"></a>
 <h3 class="boxed">Verifying releases</h3>
 <p>It is essential that you verify the integrity of the downloaded files using the
PGP and MD5 signatures. MD5 verification ensures the file was not corrupted during the download
process. PGP verification ensures that the file came from a certain person.</p>
 <p>The PGP signatures can be verified using <a class="external" href="http://www.pgpi.org/">PGP</a>
or <a class="external" href="http://www.gnupg.org/">GPG</a>. First download the
Apache Derby <a class="external" href="http://svn.apache.org/repos/asf/db/derby/code/trunk/KEYS">KEYS</a>
as well as the <span class="codefrag">asc</span> signature file for the particular
distribution. It is important that you get these files from the ultimate trusted source -
the main ASF distribution site, rather than from a mirror. Then verify the signatures using
...</p>

Modified: db/derby/site/trunk/src/documentation/content/xdocs/releases/release-10.6.1.0.html
URL: http://svn.apache.org/viewvc/db/derby/site/trunk/src/documentation/content/xdocs/releases/release-10.6.1.0.html?rev=946174&r1=946173&r2=946174&view=diff
==============================================================================
--- db/derby/site/trunk/src/documentation/content/xdocs/releases/release-10.6.1.0.html (original)
+++ db/derby/site/trunk/src/documentation/content/xdocs/releases/release-10.6.1.0.html Wed
May 19 13:15:36 2010
@@ -694,7 +694,7 @@ not be deleted</td>
 </tr>
 <tr>
 <td><a href="https://issues.apache.org/jira/browse/DERBY-4356">DERBY-4356</a></td><td>testStartStopManagementFromApplication(org.apache.derbyTesting.functionTests.tests.management.ManagementMBeanTest)junit.framework.AssertionFailedError:
- expected:&amp;lt;2&amp;gt; but was:&amp;lt;%&amp;gt;</td>
+ expected:(2) but was:(%)</td>
 </tr>
 <tr>
 <td><a href="https://issues.apache.org/jira/browse/DERBY-4355">DERBY-4355</a></td><td>Implement
CROSS JOIN</td>
@@ -764,7 +764,7 @@ exceptions and finish the server shutdow
 </tr>
 <tr>
 <td><a href="https://issues.apache.org/jira/browse/DERBY-4297">DERBY-4297</a></td><td>'compilation
time did not compute 
-(0,0,0,0) expected:&amp;lt;16&amp;gt; but was:&amp;lt;0&amp;gt;' in 
+(0,0,0,0) expected:(16) but was:(0)' in 
 testGroupBySortProps(....tests.lang.XplainStatisticsTest)</td>
 </tr>
 <tr>
@@ -881,7 +881,7 @@ INTEGER function can be applied to dates
 </tr>
 <tr>
 <td><a href="https://issues.apache.org/jira/browse/DERBY-4102">DERBY-4102</a></td><td>Assert
failure or ClassCastException in 
-EmbedBlob when retrieving BLOB &amp;gt;= 32K</td>
+EmbedBlob when retrieving BLOB )= 32K</td>
 </tr>
 <tr>
 <td><a href="https://issues.apache.org/jira/browse/DERBY-4092">DERBY-4092</a></td><td>You
should not be able to invoke a table 
@@ -1149,7 +1149,7 @@ documented in Derby Tools and Utilities 
 tables with identity columns" section.</td>
 </tr>
 <tr>
-<td><a href="https://issues.apache.org/jira/browse/DERBY-151">DERBY-151</a></td><td>Thread
termination -&amp;gt; XSDG after 
+<td><a href="https://issues.apache.org/jira/browse/DERBY-151">DERBY-151</a></td><td>Thread
termination -) XSDG after 
 operation is 'complete'</td>
 </tr>
 </table>
@@ -1158,13 +1158,15 @@ operation is 'complete'</td>
 <a name="Fix for Security Bug CVE-2009-4269"></a>Fix for Security Bug CVE-2009-4269</h2>
 
 <p>
-Derby 10.6.1.0 also fixes a security flaw tracked by the Apache Common Vulnerabilities and
Exposures id "CVE-2009-4269". This flaw made it easy to crack passwords managed by Derby's
BUILTIN authentication logic. Originally, the BUILTIN logic was intended only for testing
purposes. However, Derby's user documentation suggested that this scheme was production-ready
and it appears that many users rely on BUILTIN authentication in production. Tracked by <a
href="#Note for DERBY-4483">DERBY-4483</a>, the flaw is addressed as follows:
+Derby 10.6.1.0 also fixes a security flaw tracked by the Apache Common Vulnerabilities and
Exposures id "CVE-2009-4269". This flaw made it easy to crack passwords managed by Derby's
BUILTIN authentication logic. Originally, the BUILTIN logic was intended only for testing
purposes. However, Derby's user documentation suggested that this scheme was production-ready
and it appears that many users rely on BUILTIN authentication in production. Tracked by DERBY-4483,
the flaw is addressed as follows:
 </p>
 
 <ol>
 <li>The bug itself is corrected for newly created 10.6 databases.</li>
 
-<li>Password substitution is not allowed when logging into a database where the bug
is corrected and BUILTIN passwords are stored in the database. See the release note for <a
href="#Note for DERBY-4483">DERBY-4483</a>.</li>
+<li>Password substitution is not allowed when logging into a database
+where the bug is corrected and BUILTIN passwords are stored in the
+database. See the release note for DERBY-4483 below.</li>
 
 <li>Derby's default password-hashing scheme is changed from SHA-1 to SHA-256, which
is harder to crack.</li>
 
@@ -1195,62 +1197,38 @@ Users are urged to
 <p>Compared with the previous release (10.5.3.0), Derby release 10.6.1.0 introduces
the following new features and incompatibilities. These merit your special attention.</p>
 <ul>
 <li>
-<a href="#Note for DERBY-4602">
-<p>Note for DERBY-4602: 
+Note for DERBY-4602: 
 Default hash algorithm for BUILTIN authentication changed to SHA-256
-</p>
-</a>
 </li>
 <li>
-<a href="#Note for DERBY-4483">
-<p>Note for DERBY-4483: 
+Note for DERBY-4483: 
 Strong password substitution cannot be used with new defaults for
 BUILTIN authentication.
-</p>
-</a>
 </li>
 <li>
-<a href="#Note for DERBY-4432">
-<p>Note for DERBY-4432: 
+Note for DERBY-4432: 
 The in-memory back end will no longer create a database if the virtual database directory
already exists.
-</p>
-</a>
 </li>
 <li>
-<a href="#Note for DERBY-4380">
-<p>Note for DERBY-4380: 
+Note for DERBY-4380: 
 Changed error code and message when referencing column not in scope in
 ON clause.
-</p>
-</a>
 </li>
 <li>
-<a href="#Note for DERBY-4355">
-<p>Note for DERBY-4355: 
+Note for DERBY-4355: 
 CROSS is now a reserved keyword and cannot be used as an unquoted identifier.
-</p>
-</a>
 </li>
 <li>
-<a href="#Note for DERBY-4191">
-<p>Note for DERBY-4191: 
+Note for DERBY-4191: 
 Some queries require additional SELECT privileges now.
-</p>
-</a>
 </li>
 <li>
-<a href="#Note for DERBY-3844">
-<p>Note for DERBY-3844: 
+Note for DERBY-3844: 
 Applications may no longer obtain a LOB object, or a <tt>Reader</tt> or an <tt>InputStream</tt>,
from the same column more than once per row.
-</p>
-</a>
 </li>
 <li>
-<a href="#Note for DERBY-2769">
-<p>Note for DERBY-2769: 
+Note for DERBY-2769: 
 Comprehensive validity checks for the parameters of <tt>Clob.setString</tt> have
been introduced.
-</p>
-</a>
 </li>
 </ul>
 <hr>



Mime
View raw message