jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mreut...@apache.org
Subject svn commit: r9156 - /dev/jackrabbit/2.8.1/
Date Thu, 28 May 2015 08:20:48 GMT
Author: mreutegg
Date: Thu May 28 08:20:47 2015
New Revision: 9156

Log:
Apache Jackrabbit 2.8.1 release candidate

Added:
    dev/jackrabbit/2.8.1/
    dev/jackrabbit/2.8.1/RELEASE-NOTES.txt   (with props)
    dev/jackrabbit/2.8.1/jackrabbit-2.8.1-src.zip   (with props)
    dev/jackrabbit/2.8.1/jackrabbit-2.8.1-src.zip.asc
    dev/jackrabbit/2.8.1/jackrabbit-2.8.1-src.zip.md5
    dev/jackrabbit/2.8.1/jackrabbit-2.8.1-src.zip.sha
    dev/jackrabbit/2.8.1/jackrabbit-jca-2.8.1.rar   (with props)
    dev/jackrabbit/2.8.1/jackrabbit-jca-2.8.1.rar.asc
    dev/jackrabbit/2.8.1/jackrabbit-jca-2.8.1.rar.md5
    dev/jackrabbit/2.8.1/jackrabbit-jca-2.8.1.rar.sha
    dev/jackrabbit/2.8.1/jackrabbit-standalone-2.8.1.jar   (with props)
    dev/jackrabbit/2.8.1/jackrabbit-standalone-2.8.1.jar.asc
    dev/jackrabbit/2.8.1/jackrabbit-standalone-2.8.1.jar.md5
    dev/jackrabbit/2.8.1/jackrabbit-standalone-2.8.1.jar.sha
    dev/jackrabbit/2.8.1/jackrabbit-webapp-2.8.1.war   (with props)
    dev/jackrabbit/2.8.1/jackrabbit-webapp-2.8.1.war.asc
    dev/jackrabbit/2.8.1/jackrabbit-webapp-2.8.1.war.md5
    dev/jackrabbit/2.8.1/jackrabbit-webapp-2.8.1.war.sha

Added: dev/jackrabbit/2.8.1/RELEASE-NOTES.txt
==============================================================================
--- dev/jackrabbit/2.8.1/RELEASE-NOTES.txt (added)
+++ dev/jackrabbit/2.8.1/RELEASE-NOTES.txt Thu May 28 08:20:47 2015
@@ -0,0 +1,107 @@
+Release Notes -- Apache Jackrabbit -- Version 2.8.1
+
+Introduction
+------------
+
+This is Apache Jackrabbit(TM) 2.8.1, a fully compliant implementation of the
+Content Repository for Java(TM) Technology API, version 2.0 (JCR 2.0) as
+specified in the Java Specification Request 283 (JSR 283).
+
+Apache Jackrabbit 2.8.1 is a patch release that contains fixes and
+improvements over Jackrabbit 2.8. Jackrabbit 2.8.x releases are considered
+stable and targeted for production use.
+
+Security advisory (JCR-3883 / CVE-2015-1833)
+--------------------------------------------
+
+This release fixes an important security issue in the jackrabbit-webdav module
+reported by Mikhail Egorov.
+
+When processing a WebDAV request body containing XML, the XML parser can be 
+instructed to read content from network resources accessible to the host, 
+identified by URI schemes such as "http(s)" or  "file". Depending on the 
+WebDAV request, this can not only be used to trigger internal network 
+requests, but might also be used to insert said content into the request, 
+potentially exposing it to the attacker and others (for instance, by inserting
+said content in a WebDAV property value using a PROPPATCH request). See also
+IETF RFC 4918, Section 20.6.
+
+Users of the jackrabbit-webdav module are advised to immediately update the
+module to this release or disable WebDAV access to the repository.
+
+Changes since Jackrabbit 2.8.0
+------------------------------
+
+Improvements
+
+  [JCR-3777] Add simple allow/deny/clear convenience methods to AccessControlUtils
+  [JCR-3782] Backport OAK-1612, OAK-1615, OAK-1616
+  [JCR-3810] StreamWrapper can attempt to reset other types of InputStreams
+  [JCR-3818] Use SimpleFSDirectory by default
+  [JCR-3826] AbstractPrincipalProvider cachesize is not configurable
+
+Bug fixes
+
+  [JCR-3783] Deadlock due to IOException in WorkspaceUpdateChannel.updatePrepared()
+  [JCR-3784] ReplacePropertyWhileOthersReadTest fails when run with ConcurrentTestSuite
+  [JCR-3789] AccessControlUtils.clear should not retrieve applicable policies
+  [JCR-3790] timing related TokenProviderTest failures
+  [JCR-3796] TokenProvider.createToken is case sensitive
+  [JCR-3798] NPE while building path in lucene index consistency checker
+  [JCR-3809] ConnectionHelper swallows exception when it fails to reset binary streams after
a failed SQL statement execution
+  [JCR-3811] AppendRecord should allow reattempting database insertions of journal records
should the initial attempt fail
+  [JCR-3814] IllegalStateException in LockManager#unlock
+  [JCR-3821] SeededSecureRandom thread can prevent Jackrabbit from shutting down
+  [JCR-3840] NodeTypeDefDiff does not take same-name child type definitions into account
+  [JCR-3850] RepositoryStartupServlet constructs FileStore incorrectly
+  [JCR-3871] POI Vulnerabilities
+  [JCR-3883] Jackrabbit WebDAV bundle susceptible to XXE/XEE attack (CVE-2015-1833)
+
+In addition to the above-mentioned changes, this release contains
+all the changes included up to the Apache Jackrabbit 2.8.0 release.
+
+For more detailed information about all the changes in this and other
+Jackrabbit releases, please see the Jackrabbit issue tracker at
+
+    https://issues.apache.org/jira/browse/JCR
+
+Release Contents
+----------------
+
+This release consists of a single source archive packaged as a zip file.
+The archive can be unpacked with the jar tool from your JDK installation.
+See the README.txt file for instructions on how to build this release.
+
+The source archive is accompanied by SHA1 and MD5 checksums and a PGP
+signature that you can use to verify the authenticity of your download.
+The public key used for the PGP signature can be found at
+https://svn.apache.org/repos/asf/jackrabbit/dist/KEYS.
+
+About Apache Jackrabbit
+-----------------------
+
+Apache Jackrabbit is a fully conforming implementation of the Content
+Repository for Java Technology API (JCR). A content repository is a
+hierarchical content store with support for structured and unstructured
+content, full text search, versioning, transactions, observation, and
+more.
+
+For more information, visit http://jackrabbit.apache.org/
+
+About The Apache Software Foundation
+------------------------------------
+
+Established in 1999, The Apache Software Foundation provides organizational,
+legal, and financial support for more than 140 freely-available,
+collaboratively-developed Open Source projects. The pragmatic Apache License
+enables individual and commercial users to easily deploy Apache software;
+the Foundation's intellectual property framework limits the legal exposure
+of its 3,800+ contributors.
+
+For more information, visit http://www.apache.org/
+
+Trademarks
+----------
+
+Apache Jackrabbit, Jackrabbit, Apache, the Apache feather logo, and the Apache
+Jackrabbit project logo are trademarks of The Apache Software Foundation.

Propchange: dev/jackrabbit/2.8.1/RELEASE-NOTES.txt
------------------------------------------------------------------------------
    svn:eol-style = native

Added: dev/jackrabbit/2.8.1/jackrabbit-2.8.1-src.zip
==============================================================================
Binary file - no diff available.

Propchange: dev/jackrabbit/2.8.1/jackrabbit-2.8.1-src.zip
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: dev/jackrabbit/2.8.1/jackrabbit-2.8.1-src.zip.asc
==============================================================================
--- dev/jackrabbit/2.8.1/jackrabbit-2.8.1-src.zip.asc (added)
+++ dev/jackrabbit/2.8.1/jackrabbit-2.8.1-src.zip.asc Thu May 28 08:20:47 2015
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
+
+iQIcBAABAgAGBQJVZs69AAoJENEI/4eapjlQ0ycP/i/QJUegt1hg+6pDhYg6Th+B
+JcKKF1r6FBraJIS+yDlufUHRYYUNImzldArzAo/aGJvGv1p+U9CvrW9O6T+bT/j3
+qJBjLWrEIflOp55vk91e5C/A/BzdishUUHgC8wRhyB4bjN+jTWIVKNTGCH5jvw3W
+3BK7m7GIG5iUFCqrnQhzKLv+dZWegkTW5s5UF+viMOAXM1TgpjylQgpYiqcs5cGy
+iQWci5CntLh3JxNfAPr5d6rJ6pQ+BeKH1hatBOJYwRO8DfMK6+IiS3wzdoGzirQA
+uQHvEy17DdlfQf7M3LaIdTiZSuJWXfcPogaYA47urvDwVEojtaTt/7VwqTvWs57n
+5+q8GxWuPKZ5qui/ngnr0aoXXYOr7Z+dmpNVpSIn3tDTPw3onahH28HyS7q2rWJp
+fRRS4utmk2H/w3Mxzjh+gn9bRoVT/bENZKAUqtqAjgWkFKh3Y9EAUj1NliiVcMCc
+30QLZ8laXBp/HQh0fdutp9Mj9tOY1/D9xWVn4SxOstrCgja7OxKKPNrgQsFNj2VJ
+j7GYr5BCSGYWqheGGlmZCq0wck9sO3o5n4RrO53xIoDG3G7h+zyRxWfKoLyyCf8A
+ZmxXHm4mNbIQ6Go7eO1rxfPp9INq43mFp8m3DSiCCpbwbI8Fx+3ReSEPXRJjfbf7
+5k5YBD/yB6EocE8lHVJ8
+=lpJN
+-----END PGP SIGNATURE-----

Added: dev/jackrabbit/2.8.1/jackrabbit-2.8.1-src.zip.md5
==============================================================================
--- dev/jackrabbit/2.8.1/jackrabbit-2.8.1-src.zip.md5 (added)
+++ dev/jackrabbit/2.8.1/jackrabbit-2.8.1-src.zip.md5 Thu May 28 08:20:47 2015
@@ -0,0 +1 @@
+dae98714b1a55e6868a197e820dc939c

Added: dev/jackrabbit/2.8.1/jackrabbit-2.8.1-src.zip.sha
==============================================================================
--- dev/jackrabbit/2.8.1/jackrabbit-2.8.1-src.zip.sha (added)
+++ dev/jackrabbit/2.8.1/jackrabbit-2.8.1-src.zip.sha Thu May 28 08:20:47 2015
@@ -0,0 +1 @@
+04daebcf1c95044852239a00e85de6996e1b8bd2

Added: dev/jackrabbit/2.8.1/jackrabbit-jca-2.8.1.rar
==============================================================================
Binary file - no diff available.

Propchange: dev/jackrabbit/2.8.1/jackrabbit-jca-2.8.1.rar
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: dev/jackrabbit/2.8.1/jackrabbit-jca-2.8.1.rar.asc
==============================================================================
--- dev/jackrabbit/2.8.1/jackrabbit-jca-2.8.1.rar.asc (added)
+++ dev/jackrabbit/2.8.1/jackrabbit-jca-2.8.1.rar.asc Thu May 28 08:20:47 2015
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
+
+iQIcBAABAgAGBQJVZs2+AAoJENEI/4eapjlQ3eQP/Rkm6jzXW5GmiNovqx3pP4JB
+RWNjun5ENRA4QFacJKDMwYpAMHSVSP6AYkBr/yCLzcxo+2HI4WU9+muhEVZWM1/M
+NuZ5R+CsyJ++8cIRzw2lWz2+JqbHB6i0ZHm17svUUr7mu3iKTD0FmEi5FC3SD5p5
+uH9FeXBmcsb1yIRmME5kfQAad4Ad8NmZcx115dfZiXtz+4effgZGThx6ereAaUig
+oAbeqTIFh4Q/S+XJ1S1L6hCKtN5reQD5e3SrvZQkw4VXisYgiUXusbaCJlF0Murf
+a7SMTnI68Nr3Uqt8JAuTIh9h8oyGM2qxPzKF62dvlBGWFoD0xOIWrQXPecd/Lu1c
+gNVy64l4FvqTLZWn6MgnMx8qsfF/O12GdkDrM82hx4kcmcD6Aw3r6Q1dRiz4m6tz
+vDRcXNCklJwZv+IARSLfpFdD9P5DwFSOO7+r+dnYjTdXxS6PmAZuAECrw7FjAahs
+zb05T9mX/Vq3oUDwQPqavYGV2vcaDaR9WfrLmuzAmaky7IyixvVUBe2syzFWZVEc
+FXn3w0MbkqBKJETFX3v6rta6b8p2fCxb/2DdicGHadXMxIIzd+dZHTOYKPxqF4MC
+BxzRiNtW/yB4vqTPY+DcScdFoJ7IPXSfJlNmsC9aLoKInwAq5WYvtbh1CXUgQc2t
+5fH0eqpm4mCJCyKlYFlC
+=PChM
+-----END PGP SIGNATURE-----

Added: dev/jackrabbit/2.8.1/jackrabbit-jca-2.8.1.rar.md5
==============================================================================
--- dev/jackrabbit/2.8.1/jackrabbit-jca-2.8.1.rar.md5 (added)
+++ dev/jackrabbit/2.8.1/jackrabbit-jca-2.8.1.rar.md5 Thu May 28 08:20:47 2015
@@ -0,0 +1 @@
+e06cfba81d8e111d5409af4fe72f11a5

Added: dev/jackrabbit/2.8.1/jackrabbit-jca-2.8.1.rar.sha
==============================================================================
--- dev/jackrabbit/2.8.1/jackrabbit-jca-2.8.1.rar.sha (added)
+++ dev/jackrabbit/2.8.1/jackrabbit-jca-2.8.1.rar.sha Thu May 28 08:20:47 2015
@@ -0,0 +1 @@
+260c97fbe2880da9ec8d5105330d54fd4b5baf3f

Added: dev/jackrabbit/2.8.1/jackrabbit-standalone-2.8.1.jar
==============================================================================
Binary file - no diff available.

Propchange: dev/jackrabbit/2.8.1/jackrabbit-standalone-2.8.1.jar
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: dev/jackrabbit/2.8.1/jackrabbit-standalone-2.8.1.jar.asc
==============================================================================
--- dev/jackrabbit/2.8.1/jackrabbit-standalone-2.8.1.jar.asc (added)
+++ dev/jackrabbit/2.8.1/jackrabbit-standalone-2.8.1.jar.asc Thu May 28 08:20:47 2015
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
+
+iQIcBAABAgAGBQJVZs63AAoJENEI/4eapjlQRLgP/jX6HU+YZD5Q86JPFb9i5npI
+n7y+NMMwxOULf8nsKHd3ytxOFNjBYbbu86dqEtKkiy19T8I5Vhb0cjfNz95C/Uab
+0TZ6uvuFWjGXnK2DWSZBmU4MkSU7eJOo45oa4h1JxzwswTYYAIggv7uGjOI2ZKDE
+CoMgLKA5MYa9THMlg16QFdLRIMnCR723/k6U5cpg8tyxdg+5AbP4z7Ws+VRZxWbJ
+s1Y3zwWHox1tNqYG0Em017ZynLAMVAP4QnYIVPo3OjpODTJArIzQXYqeyRCAUn5M
+lISxXrr2bM6KlbZbQBv3Noxh2tA5GKS60Wdjj9QO18MbLoavmgEPeJz+JPkNkzK6
+CPBKquAWuew3PcBUtOlWVrdlnnsJXdc2WuBcgBdlrLeP3w/yG62muVifO1A6brv1
+W+Z0/U1TpJSvWkRXI4sZuuUJNmgSqWTwtuMQ9J0v+JyBxdVLVaHlCa7jUkmi+qAB
+1Ke93/0ykny0y86gQCTGkQr64nHImFVULJcSoQrwIZXMUNrt90n7IdtzNvjH8hvq
+BO/B53pjh93bn6fr3L6WjItIEE/0lcv91PGaU2do8P9BSXacrJfvNeeXNpUP3jcw
+WAMeLDULgeX0iAkgouMcXSnW6O8YmZyNuWdlGqmIJ7u/KbEi/k1VAF/OotVd5Hnu
+uEZ6qa4OYQBDoKJLIC1A
+=WwFf
+-----END PGP SIGNATURE-----

Added: dev/jackrabbit/2.8.1/jackrabbit-standalone-2.8.1.jar.md5
==============================================================================
--- dev/jackrabbit/2.8.1/jackrabbit-standalone-2.8.1.jar.md5 (added)
+++ dev/jackrabbit/2.8.1/jackrabbit-standalone-2.8.1.jar.md5 Thu May 28 08:20:47 2015
@@ -0,0 +1 @@
+1e08dd5c0dfbe5ea1b04c28969f2ed56

Added: dev/jackrabbit/2.8.1/jackrabbit-standalone-2.8.1.jar.sha
==============================================================================
--- dev/jackrabbit/2.8.1/jackrabbit-standalone-2.8.1.jar.sha (added)
+++ dev/jackrabbit/2.8.1/jackrabbit-standalone-2.8.1.jar.sha Thu May 28 08:20:47 2015
@@ -0,0 +1 @@
+b05d0ac706db9d457fdc9c0b7d7092bf1ffaa59f

Added: dev/jackrabbit/2.8.1/jackrabbit-webapp-2.8.1.war
==============================================================================
Binary file - no diff available.

Propchange: dev/jackrabbit/2.8.1/jackrabbit-webapp-2.8.1.war
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: dev/jackrabbit/2.8.1/jackrabbit-webapp-2.8.1.war.asc
==============================================================================
--- dev/jackrabbit/2.8.1/jackrabbit-webapp-2.8.1.war.asc (added)
+++ dev/jackrabbit/2.8.1/jackrabbit-webapp-2.8.1.war.asc Thu May 28 08:20:47 2015
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
+
+iQIcBAABAgAGBQJVZs2TAAoJENEI/4eapjlQBUUP/30/Q5PNvatQM4nslpROiCnK
+RZjdx7hx2wfjuQwyTtawtfwF/TbCCDVOa7Lrjyiq5ywAbf42d+n274frapMRxvXl
+5b5DYlDfcmQlAsusVwijs3ld7q/HVmN6Qv650mVDKXgk2azmMyzK53MYbHCgcsIW
+177ZNqyfVhfCV9g5lcTzTlRxc+ShJUdmMZ62dWnQqN4p/QG7YOsxiOEQ6n5vXYvi
+VBtv3C4xfBNGg+EJkGhe1bNXaaX+9VU0rx9fK5Imw5r7KXERWPpGx+UXYDGqz6hb
+MC+ufyA5R7zRftgP/v0jg4UDS+C3O6R+kzXOd05FoV5nNxVsItVmFaNufS4mtP00
+oFPPNuFq43txPsbQGxNLwSGWDXaCNc76YIc5V2u3mrCxM4WqbV5y5m5DPw0Tnqp1
+aJ2ItAXMRqWdmGdSLOAJiaj7pMKCcRtT9GHNcXJcJs1v1I5vALDh6GoAyMU986o8
+sFDOurAgdweQqbDNsDesq3El1xMt20QzBQKeVX/t3/buY016Jy3tiiHCAHGH+7uY
+X0zR7BfzGb5ZlDSI7C08UXXcLs2OCbyt5noMIgHnUQj91rQkdNujrUwrovtqCpLC
+tyjaUFCve/1os51fXBp5SExit0tt2HWdIRT1jjbRJD5eaqZpwNYEjd6haN6iPVpd
+2uckyaGi9OCG6by1Zhd6
+=WS2d
+-----END PGP SIGNATURE-----

Added: dev/jackrabbit/2.8.1/jackrabbit-webapp-2.8.1.war.md5
==============================================================================
--- dev/jackrabbit/2.8.1/jackrabbit-webapp-2.8.1.war.md5 (added)
+++ dev/jackrabbit/2.8.1/jackrabbit-webapp-2.8.1.war.md5 Thu May 28 08:20:47 2015
@@ -0,0 +1 @@
+479552fe26e827c97f32ff666262d93e

Added: dev/jackrabbit/2.8.1/jackrabbit-webapp-2.8.1.war.sha
==============================================================================
--- dev/jackrabbit/2.8.1/jackrabbit-webapp-2.8.1.war.sha (added)
+++ dev/jackrabbit/2.8.1/jackrabbit-webapp-2.8.1.war.sha Thu May 28 08:20:47 2015
@@ -0,0 +1 @@
+5d62cf68bc245638f6b0eda4bdfa0c6f59c16f37



Mime
View raw message