jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Jackrabbit Wiki] Update of "Board Report September 2016" by MichaelDürig
Date Mon, 12 Sep 2016 09:44:01 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Jackrabbit Wiki" for change notification.

The "Board Report September 2016" page has been changed by MichaelDürig:
https://wiki.apache.org/jackrabbit/Board%20Report%20September%202016?action=diff&rev1=2&rev2=3

Comment:
September 2016 report (preliminary version)

     Apache Jackrabbit itself is mostly in maintenance mode with most of 
     the work going into bug fixing and tooling. New features are mainly
     driven by dependencies from Oak. 
- 
-    A new CSRF issue was reported in August (JCR-4002). The initial fix 
-    disabled POST completely, but neglected other components that still 
-    use POST and remain unprotected. After consultation with the reporter 
-    of the bug, and also with browser implementers, a new fix is being 
-    prepared (JCR-4009). The fix has been back-ported to all maintained 
-    branches and is in the process of being released. It will be 
-    published as CVE-2016-6801. 
  
  ## Health report: 
     The project is healthy with a continuous stream of traffic

Mime
View raw message