jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mreut...@apache.org
Subject svn commit: r9067 - /dev/jackrabbit/2.10.1/
Date Thu, 21 May 2015 08:42:28 GMT
Author: mreutegg
Date: Thu May 21 08:42:27 2015
New Revision: 9067

Log:
Apache Jackrabbit 2.10.1 release candidate

Added:
    dev/jackrabbit/2.10.1/
    dev/jackrabbit/2.10.1/RELEASE-NOTES.txt   (with props)
    dev/jackrabbit/2.10.1/jackrabbit-2.10.1-src.zip   (with props)
    dev/jackrabbit/2.10.1/jackrabbit-2.10.1-src.zip.asc
    dev/jackrabbit/2.10.1/jackrabbit-2.10.1-src.zip.md5
    dev/jackrabbit/2.10.1/jackrabbit-2.10.1-src.zip.sha
    dev/jackrabbit/2.10.1/jackrabbit-jca-2.10.1.rar   (with props)
    dev/jackrabbit/2.10.1/jackrabbit-jca-2.10.1.rar.asc
    dev/jackrabbit/2.10.1/jackrabbit-jca-2.10.1.rar.md5
    dev/jackrabbit/2.10.1/jackrabbit-jca-2.10.1.rar.sha
    dev/jackrabbit/2.10.1/jackrabbit-standalone-2.10.1.jar   (with props)
    dev/jackrabbit/2.10.1/jackrabbit-standalone-2.10.1.jar.asc
    dev/jackrabbit/2.10.1/jackrabbit-standalone-2.10.1.jar.md5
    dev/jackrabbit/2.10.1/jackrabbit-standalone-2.10.1.jar.sha
    dev/jackrabbit/2.10.1/jackrabbit-webapp-2.10.1.war   (with props)
    dev/jackrabbit/2.10.1/jackrabbit-webapp-2.10.1.war.asc
    dev/jackrabbit/2.10.1/jackrabbit-webapp-2.10.1.war.md5
    dev/jackrabbit/2.10.1/jackrabbit-webapp-2.10.1.war.sha

Added: dev/jackrabbit/2.10.1/RELEASE-NOTES.txt
==============================================================================
--- dev/jackrabbit/2.10.1/RELEASE-NOTES.txt (added)
+++ dev/jackrabbit/2.10.1/RELEASE-NOTES.txt Thu May 21 08:42:27 2015
@@ -0,0 +1,112 @@
+Release Notes -- Apache Jackrabbit -- Version 2.10.1
+
+Introduction
+------------
+
+This is Apache Jackrabbit(TM) 2.10.1, a fully compliant implementation of the
+Content Repository for Java(TM) Technology API, version 2.0 (JCR 2.0) as
+specified in the Java Specification Request 283 (JSR 283).
+
+Apache Jackrabbit 2.10.1 is a patch release that contains fixes and
+improvements over Jackrabbit 2.10. Jackrabbit 2.10.x releases are considered
+stable and targeted for production use.
+
+Security advisory (JCR-3883 / CVE-2015-1833)
+--------------------------------------------
+
+This release fixes an important security issue in the jackrabbit-webdav module
+reported by Mikhail Egorov.
+
+When processing a WebDAV request body containing XML, the XML parser can be 
+instructed to read content from network resources accessible to the host, 
+identified by URI schemes such as "http(s)" or  "file". Depending on the 
+WebDAV request, this can not only be used to trigger internal network 
+requests, but might also be used to insert said content into the request, 
+potentially exposing it to the attacker and others (for instance, by inserting
+said content in a WebDAV property value using a PROPPATCH request). See also
+IETF RFC 4918, Section 20.6.
+
+Users of the jackrabbit-webdav module are advised to immediately update the
+module to this release or disable WebDAV access to the repository. Users
+on earlier versions of Jackrabbit who are unable to upgrade to 2.10.1 should
+apply the fix to the corresponding 2.x branch or disable WebDAV access until
+official releases of those earlier versions are available. Patches for 2.x
+branches are attached to the JIRA issue.
+
+Changes since Jackrabbit 2.10.0
+-------------------------------
+
+Bug fixes
+
+  [JCR-3853] JCR2SPI: Load ac provider resource
+  [JCR-3871] POI Vulnerabilities
+  [JCR-3872] Config DTD does not declare ProtectedItemImporter elements
+  [JCR-3873] CachingDataStore not safe against crashes, corrupted uploads file will prevent
system startup
+  [JCR-3876] POM dependency to jackrabbit-data test-jar is not test-scoped 
+  [JCR-3878] Fix test case failure in jackrabbit-data
+  [JCR-3883] Jackrabbit WebDAV bundle susceptible to XXE/XEE attack
+
+Improvements
+
+  [JCR-3864] CachingDatastore -cache file sizes to save remote call to remote datastore(
S3DS) 
+  [JCR-3868] Adapt TestCaseBase.java to test for FileDatastore
+  [JCR-3869] CachingDataStore for SAN or NFS mounted storage 
+  [JCR-3879] Remove contention in AsyncUploadCache to improve performance
+  [JCR-3881] Change CachingFDS configuration properties 
+
+New Features
+
+  [JCR-3836] Allow to get an Authorizable of a given type 
+
+Sub-tasks
+
+  [JCR-3837] Add AuthorizableTypeException in user security API package
+
+In addition to the above-mentioned changes, this release contains
+all the changes included up to the Apache Jackrabbit 2.10.0 release.
+
+For more detailed information about all the changes in this and other
+Jackrabbit releases, please see the Jackrabbit issue tracker at
+
+    https://issues.apache.org/jira/browse/JCR
+
+Release Contents
+----------------
+
+This release consists of a single source archive packaged as a zip file.
+The archive can be unpacked with the jar tool from your JDK installation.
+See the README.txt file for instructions on how to build this release.
+
+The source archive is accompanied by SHA1 and MD5 checksums and a PGP
+signature that you can use to verify the authenticity of your download.
+The public key used for the PGP signature can be found at
+https://svn.apache.org/repos/asf/jackrabbit/dist/KEYS.
+
+About Apache Jackrabbit
+-----------------------
+
+Apache Jackrabbit is a fully conforming implementation of the Content
+Repository for Java Technology API (JCR). A content repository is a
+hierarchical content store with support for structured and unstructured
+content, full text search, versioning, transactions, observation, and
+more.
+
+For more information, visit http://jackrabbit.apache.org/
+
+About The Apache Software Foundation
+------------------------------------
+
+Established in 1999, The Apache Software Foundation provides organizational,
+legal, and financial support for more than 140 freely-available,
+collaboratively-developed Open Source projects. The pragmatic Apache License
+enables individual and commercial users to easily deploy Apache software;
+the Foundation's intellectual property framework limits the legal exposure
+of its 3,800+ contributors.
+
+For more information, visit http://www.apache.org/
+
+Trademarks
+----------
+
+Apache Jackrabbit, Jackrabbit, Apache, the Apache feather logo, and the Apache
+Jackrabbit project logo are trademarks of The Apache Software Foundation.

Propchange: dev/jackrabbit/2.10.1/RELEASE-NOTES.txt
------------------------------------------------------------------------------
    svn:eol-style = native

Added: dev/jackrabbit/2.10.1/jackrabbit-2.10.1-src.zip
==============================================================================
Binary file - no diff available.

Propchange: dev/jackrabbit/2.10.1/jackrabbit-2.10.1-src.zip
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: dev/jackrabbit/2.10.1/jackrabbit-2.10.1-src.zip.asc
==============================================================================
--- dev/jackrabbit/2.10.1/jackrabbit-2.10.1-src.zip.asc (added)
+++ dev/jackrabbit/2.10.1/jackrabbit-2.10.1-src.zip.asc Thu May 21 08:42:27 2015
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
+
+iQIcBAABAgAGBQJVXZl2AAoJENEI/4eapjlQmf8P/3HeXP/qEGNaqDgHty1kOrPX
+0Ddm0O6FvkJL0DOIUMx8OiAKV4BABI1JfomfbIGFV2jvhBJtNlJ5X0Ug5Sj9yEJZ
+QNjkTCglMBjucwoilEQZqSmpS1pfXN/urxVIz6Tsr+YzOv9DbM3YcbKKWlxKzrub
+Wf/aIR3wSR5P0A8zY4bdw/93V7tgN/gB6Ns/W+L1jvII6TKDJeUVVmYitOPRkiWC
+emjt03EmT2YtO/2MlUt+z9NDNbz/7IvIjmh3EtM1TuyAoCXREnhCa9BY4KvJ1QnZ
+QxD7dm0R0lbcNuhijLMHkTsnQI/mdwcmG8y1zbf+HOT7gMEd5bl2Jmxl/bF1EhyW
+DffQiwG1r53IURejMo6J2/CScE1EEO9kdIALX4OSQZaReYzNYYOcRBc1QZLyQy0L
+rszWUcuYpYAt/hM4Um9WdcK0eAhJWu8rbTgZGW1NQYF5LqeL+vuecctL9/C2YvHV
+GN5JfO6dsgSALHHeAhXX8urJLW1EaFW8id2zB1zK8bU7eE2b8LOgeTmZLbJ/yZIb
+Qcz3JZOzkpUczcR5veoNUr7QQ69F8/jfZKClwK1hiIDa/sEjZIh7NAyuFIJIqWgN
+t7GfGmZhaCn4UWbLH3ZCoHHvN6Eesaqi+1AqQ+dQdpSCeTF9Y6QbimxxCvYilqwV
+kISqk/fF1bO2bsdMZLiO
+=4Dmv
+-----END PGP SIGNATURE-----

Added: dev/jackrabbit/2.10.1/jackrabbit-2.10.1-src.zip.md5
==============================================================================
--- dev/jackrabbit/2.10.1/jackrabbit-2.10.1-src.zip.md5 (added)
+++ dev/jackrabbit/2.10.1/jackrabbit-2.10.1-src.zip.md5 Thu May 21 08:42:27 2015
@@ -0,0 +1 @@
+73083d72ce59002f11f7cf503ec3e261

Added: dev/jackrabbit/2.10.1/jackrabbit-2.10.1-src.zip.sha
==============================================================================
--- dev/jackrabbit/2.10.1/jackrabbit-2.10.1-src.zip.sha (added)
+++ dev/jackrabbit/2.10.1/jackrabbit-2.10.1-src.zip.sha Thu May 21 08:42:27 2015
@@ -0,0 +1 @@
+0468f349d82aaca9ddbc13bfff0e44629be36f30

Added: dev/jackrabbit/2.10.1/jackrabbit-jca-2.10.1.rar
==============================================================================
Binary file - no diff available.

Propchange: dev/jackrabbit/2.10.1/jackrabbit-jca-2.10.1.rar
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: dev/jackrabbit/2.10.1/jackrabbit-jca-2.10.1.rar.asc
==============================================================================
--- dev/jackrabbit/2.10.1/jackrabbit-jca-2.10.1.rar.asc (added)
+++ dev/jackrabbit/2.10.1/jackrabbit-jca-2.10.1.rar.asc Thu May 21 08:42:27 2015
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
+
+iQIcBAABAgAGBQJVXZiIAAoJENEI/4eapjlQdgUQAL8Jyv2H11T4azQe80tccw6E
+hAGUgrO5oKcuAnIN7xFnCYg7APQiOCx7snTcoYviwiN7uLcb0maxlMS8yQzWlXGH
+CFEwhezzzOcSqi3UMQu90529YR+K1Y8JSMopceMzcGdHjxcqqiRnpzfu8mSeazb4
+FDhPNyxeXgDqN7DrBXdf9/TD2bGqDJMFkR8ulUBZKxVfscz+uCEK6I0tvMP//LGp
+/vKhAu9HidWjFo4V72MRND513/11ZOHoAlVWobf0RH8sKSYoy8AqUUWETGbmqvEh
+VA7L9AJi5XnjW5UjIEarl+SIasGJ7NgKyQMbrrbkVnZEKIHColVj5O+obONbaJIZ
+cg+RvkDl3c0vYsG/ZwiVvY+LI/Rj+IQkp340HuwPCWyq8d7cyJcbHi5W3uSLW4pl
+dll+TENvzHTwEQk/OxUQcZI/fIpaUD+OH5q16SRfD3/JyCJc+djIU7qMbrj1x/fH
+Z24bxLoY9/wPMBmeNgiqRxKbQz6TY0GFRlQmmWqsYxFTZ0UsCh+FKky72bOTa0ax
+3eecS85i8dhoMpm3Gxoi1Dxhcs1LVeYSeCCTMYUJxD7Jrf8g/eQPVRSIfQrdJ+uL
+QQjuCj7sodcHsIITYeMUJ09UnkEsEM99YcCAYaTy+RYn5AlUvyo9d6pFNwvu/Sg1
+Z0mFd7RtQojrT1wDaiHT
+=npBm
+-----END PGP SIGNATURE-----

Added: dev/jackrabbit/2.10.1/jackrabbit-jca-2.10.1.rar.md5
==============================================================================
--- dev/jackrabbit/2.10.1/jackrabbit-jca-2.10.1.rar.md5 (added)
+++ dev/jackrabbit/2.10.1/jackrabbit-jca-2.10.1.rar.md5 Thu May 21 08:42:27 2015
@@ -0,0 +1 @@
+d4818172a939a314369afb9e66b4a83c

Added: dev/jackrabbit/2.10.1/jackrabbit-jca-2.10.1.rar.sha
==============================================================================
--- dev/jackrabbit/2.10.1/jackrabbit-jca-2.10.1.rar.sha (added)
+++ dev/jackrabbit/2.10.1/jackrabbit-jca-2.10.1.rar.sha Thu May 21 08:42:27 2015
@@ -0,0 +1 @@
+77e774c3f04f0bdff5d3009271a2a64b5996de4c

Added: dev/jackrabbit/2.10.1/jackrabbit-standalone-2.10.1.jar
==============================================================================
Binary file - no diff available.

Propchange: dev/jackrabbit/2.10.1/jackrabbit-standalone-2.10.1.jar
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: dev/jackrabbit/2.10.1/jackrabbit-standalone-2.10.1.jar.asc
==============================================================================
--- dev/jackrabbit/2.10.1/jackrabbit-standalone-2.10.1.jar.asc (added)
+++ dev/jackrabbit/2.10.1/jackrabbit-standalone-2.10.1.jar.asc Thu May 21 08:42:27 2015
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
+
+iQIcBAABAgAGBQJVXZluAAoJENEI/4eapjlQaU8QAI6J8A/mBf8AQK3ryBCYS/AB
+pvWh9wIgQgYoZouO2a2zicb18G/eR0J9eEQeKro4eE+qSD88BL9s18y9YT4xta4x
+/Y6Wcmu+pQR8A7pZ24EuzO7wF5nvGwwPXOTUm+5BBkqfc3t5VUQiXAcG/NqginKn
+l7U3D1SiJt/Qs6wTpk+yr0wUFoJY/e513a/g3sC01rOoIZzb1tm79BoM4GVabhxi
+CoSHqlGOudgubQImU9SMj47s1VRlYg5gm4Jh75jN9+P9gvi7kmGISw4M0+E+R7Rs
+ggucesygyAWD+JTCuOFJ6PGp/xSQN7RY0N3OVABuaxkcF8SzqULn6eRnCtb2cawS
+aW30RgFX1YdTAOG3R5SWqgk5dkpQBA7nXyff4qzjCbzCsXPIoDZM+6HnG45qlyXD
+cq7VcVqBaQTOYJr0tZOZUWZtFByPkRKJsP0VP7G2vosTnchqHONIbF9Jo5b82gdR
+b1cQ7EEezvYRYEqZLJrkqYk8MSpiyXZpgtwZcfkgzABaBHKDe+jS0EUbU2X5yITH
+DvkYhbjwlVDrgfx7sfMkmrAaNOjiBoXB1UdI02Hhq8Etm9pEO3Dl//OoBgLmqTYl
+yEb2vRQKXT6ZhGfeMoNVmb0uBQIHhSzZX6OPrV3sz+l9OVuBbxyt+oh24EtarEfJ
+xVh0eq+4COgKfsmH7WhK
+=/omo
+-----END PGP SIGNATURE-----

Added: dev/jackrabbit/2.10.1/jackrabbit-standalone-2.10.1.jar.md5
==============================================================================
--- dev/jackrabbit/2.10.1/jackrabbit-standalone-2.10.1.jar.md5 (added)
+++ dev/jackrabbit/2.10.1/jackrabbit-standalone-2.10.1.jar.md5 Thu May 21 08:42:27 2015
@@ -0,0 +1 @@
+ce7cbeda32ee8fdda7ab14e23b833701

Added: dev/jackrabbit/2.10.1/jackrabbit-standalone-2.10.1.jar.sha
==============================================================================
--- dev/jackrabbit/2.10.1/jackrabbit-standalone-2.10.1.jar.sha (added)
+++ dev/jackrabbit/2.10.1/jackrabbit-standalone-2.10.1.jar.sha Thu May 21 08:42:27 2015
@@ -0,0 +1 @@
+18fc2ee3518cc6ffbe6c0604622de4a6f9cef6ec

Added: dev/jackrabbit/2.10.1/jackrabbit-webapp-2.10.1.war
==============================================================================
Binary file - no diff available.

Propchange: dev/jackrabbit/2.10.1/jackrabbit-webapp-2.10.1.war
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: dev/jackrabbit/2.10.1/jackrabbit-webapp-2.10.1.war.asc
==============================================================================
--- dev/jackrabbit/2.10.1/jackrabbit-webapp-2.10.1.war.asc (added)
+++ dev/jackrabbit/2.10.1/jackrabbit-webapp-2.10.1.war.asc Thu May 21 08:42:27 2015
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
+
+iQIcBAABAgAGBQJVXZhdAAoJENEI/4eapjlQxsYQAJltctiaiaRwgkDfVQk51Sxx
+qKjuy25UVw0oIS/jFNZt99cPPwGu1fIyQqG9ZfbGaRo0QzdmM5Pj8DXNh3ErfulI
+sSBxM5cKbj9911JfyhNgjdwuCdmLm4PIyOMd4zJx6g1+0CLOueiWUn7LpYdLeePK
+gJ82yJuRZ7b1VMudkHSbezffAR6BWwj3LdfNUiqvSVfOwpJiFsyTUsRbZiOLYQHv
+rh2Q7LLzFJB86D+wVAmDDC1JOs8QcNLzZIihJFt6QTTCyiT08uXATtF97rCxrG8N
+fmrZ4TX1n7cgUy+9MQawaE/L7xNQpDYv6cHpTZKccPHPYLLLHUMr7hhjg3O7YHgN
+c4J5sSyRlNs5tacSV1GoScrwOkLjCCU61+Z489YHMxbtY1RHtVgzIbCyTJ4AWoV/
+LQB68GgIVF52j0JKuJMcUkG5qBW6MF52iOMSwn67aIOgu74oWgQIyTdjdHwoRMuA
+wjJVCyIh7fR3eI/GwV8vwp6Zr4Pqs2w21MPuRlqEbpg8tJdchANDFrNOc1DjvCZ8
+ILka6mhCCn/gX6emk9oiK+MMVZv61IQByXVL4rnuVyuWjatse2QRoBSI64dtfWVw
+s/6ZVJnXMe0mvK72r5FPqObPQxgkIkXVta/h7YN0rDnF982jmPwW2rv/I4JSiKaG
+B7PcKYSs5f1W2C3N/ZtQ
+=La24
+-----END PGP SIGNATURE-----

Added: dev/jackrabbit/2.10.1/jackrabbit-webapp-2.10.1.war.md5
==============================================================================
--- dev/jackrabbit/2.10.1/jackrabbit-webapp-2.10.1.war.md5 (added)
+++ dev/jackrabbit/2.10.1/jackrabbit-webapp-2.10.1.war.md5 Thu May 21 08:42:27 2015
@@ -0,0 +1 @@
+ec615edafaca7e60339b98c5e226a72f

Added: dev/jackrabbit/2.10.1/jackrabbit-webapp-2.10.1.war.sha
==============================================================================
--- dev/jackrabbit/2.10.1/jackrabbit-webapp-2.10.1.war.sha (added)
+++ dev/jackrabbit/2.10.1/jackrabbit-webapp-2.10.1.war.sha Thu May 21 08:42:27 2015
@@ -0,0 +1 @@
+cc44fa77d3dd54e4da3772cdc0d01e9b12e21313



Mime
View raw message