jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From resc...@apache.org
Subject svn commit: r15401 - /dev/jackrabbit/2.4.6/
Date Mon, 19 Sep 2016 05:43:46 GMT
Author: reschke
Date: Mon Sep 19 05:43:45 2016
New Revision: 15401

Log:
Apache Jackrabbit 2.4.6 release candidate

Added:
    dev/jackrabbit/2.4.6/
    dev/jackrabbit/2.4.6/RELEASE-NOTES.txt   (with props)
    dev/jackrabbit/2.4.6/jackrabbit-2.4.6-src.zip   (with props)
    dev/jackrabbit/2.4.6/jackrabbit-2.4.6-src.zip.asc   (with props)
    dev/jackrabbit/2.4.6/jackrabbit-2.4.6-src.zip.md5   (with props)
    dev/jackrabbit/2.4.6/jackrabbit-2.4.6-src.zip.sha   (with props)
    dev/jackrabbit/2.4.6/jackrabbit-jca-2.4.6.rar   (with props)
    dev/jackrabbit/2.4.6/jackrabbit-jca-2.4.6.rar.asc   (with props)
    dev/jackrabbit/2.4.6/jackrabbit-jca-2.4.6.rar.md5   (with props)
    dev/jackrabbit/2.4.6/jackrabbit-jca-2.4.6.rar.sha   (with props)
    dev/jackrabbit/2.4.6/jackrabbit-standalone-2.4.6.jar   (with props)
    dev/jackrabbit/2.4.6/jackrabbit-standalone-2.4.6.jar.asc   (with props)
    dev/jackrabbit/2.4.6/jackrabbit-standalone-2.4.6.jar.md5   (with props)
    dev/jackrabbit/2.4.6/jackrabbit-standalone-2.4.6.jar.sha   (with props)
    dev/jackrabbit/2.4.6/jackrabbit-webapp-2.4.6.war   (with props)
    dev/jackrabbit/2.4.6/jackrabbit-webapp-2.4.6.war.asc   (with props)
    dev/jackrabbit/2.4.6/jackrabbit-webapp-2.4.6.war.md5   (with props)
    dev/jackrabbit/2.4.6/jackrabbit-webapp-2.4.6.war.sha   (with props)

Added: dev/jackrabbit/2.4.6/RELEASE-NOTES.txt
==============================================================================
--- dev/jackrabbit/2.4.6/RELEASE-NOTES.txt (added)
+++ dev/jackrabbit/2.4.6/RELEASE-NOTES.txt Mon Sep 19 05:43:45 2016
@@ -0,0 +1,105 @@
+Release Notes -- Apache Jackrabbit -- Version 2.4.6
+
+Introduction
+------------
+
+This is Apache Jackrabbit(TM) 2.4, a fully compliant implementation of the
+Content Repository for Java(TM) Technology API, version 2.0 (JCR 2.0) as
+specified in the Java Specification Request 283 (JSR 283).
+
+Apache Jackrabbit 2.4.6 is patch release that contains fixes and
+improvements over Jackrabbit 2.4.5. This release also contain security fixes
+for Jackrabbit 2.4.5 and earlier. Jackrabbit 2.4.x releases are considered
+stable and targeted for production use.
+
+Security advisory (JCR-3883 / CVE-2015-1833)
+--------------------------------------------
+
+This release fixes an important security issue in the jackrabbit-webdav module
+reported by Mikhail Egorov.
+
+When processing a WebDAV request body containing XML, the XML parser can be 
+instructed to read content from network resources accessible to the host, 
+identified by URI schemes such as "http(s)" or  "file". Depending on the 
+WebDAV request, this can not only be used to trigger internal network 
+requests, but might also be used to insert said content into the request, 
+potentially exposing it to the attacker and others (for instance, by inserting
+said content in a WebDAV property value using a PROPPATCH request). See also
+IETF RFC 4918, Section 20.6.
+
+Users of the jackrabbit-webdav module are advised to immediately update the
+module to this release or disable WebDAV access to the repository.
+
+
+Changes since Jackrabbit 2.4.5
+------------------------------
+
+Bug
+
+    [JCR-3364] - Moving of nodes requires read access to all parent nodes of the destination
node
+    [JCR-3518] - Build fails on Mac OS + JDK 7
+    [JCR-3603] - Index aggreate with property include does not speed up order by
+    [JCR-3710] - occasional test failures in TokenBasedAuthenticationTest
+    [JCR-3711] - RepositoryChecker versioning cleanup may leave repaired node in invalid
type state
+    [JCR-3761] - TokenInfo#resetExpiration always fails with ConstraintViolationException
+    [JCR-3790] - timing related TokenProviderTest failures
+    [JCR-3883] - Jackrabbit WebDAV bundle susceptible to XXE/XEE attack (CVE-2015-1833)
+    [JCR-3909] - CSRF bug in Jackrabbit-Webdav
+    [JCR-3949] - occasional test failure in RepositoryConfigTest.testAutomaticClusterNodeIdCreation()
+    [JCR-3950] - XSS in DirListingExportHandler
+    [JCR-4009] - CSRF in Jackrabbit-Webdav (CVE-2016-6801)
+
+Improvement
+
+    [JCR-3405] - Improvements to user management implementation
+    [JCR-3687] - Backport improvements made to token based auth in OAK
+    [JCR-3826] - AbstractPrincipalProvider cachesize is not configurable
+
+In addition to the above-mentioned changes, this release contains
+all the changes included up to the Apache Jackrabbit 2.4.5 release.
+
+For more detailed information about all the changes in this and other
+Jackrabbit releases, please see the Jackrabbit issue tracker at
+
+    https://issues.apache.org/jira/browse/JCR
+
+Release Contents
+----------------
+
+This release consists of a single source archive packaged as a zip file.
+The archive can be unpacked with the jar tool from your JDK installation.
+See the README.txt file for instructions on how to build this release.
+
+The source archive is accompanied by SHA1 and MD5 checksums and a PGP
+signature that you can use to verify the authenticity of your download.
+The public key used for the PGP signature can be found at
+https://svn.apache.org/repos/asf/jackrabbit/dist/KEYS.
+
+About Apache Jackrabbit
+-----------------------
+
+Apache Jackrabbit is a fully conforming implementation of the Content
+Repository for Java Technology API (JCR). A content repository is a
+hierarchical content store with support for structured and unstructured
+content, full text search, versioning, transactions, observation, and
+more.
+
+For more information, visit http://jackrabbit.apache.org/
+
+About The Apache Software Foundation
+------------------------------------
+
+Established in 1999, The Apache Software Foundation provides organizational,
+legal, and financial support for more than 140 freely-available,
+collaboratively-developed Open Source projects. The pragmatic Apache License
+enables individual and commercial users to easily deploy Apache software;
+the Foundation's intellectual property framework limits the legal exposure
+of its 3,800+ contributors.
+
+For more information, visit http://www.apache.org/
+
+Trademarks
+----------
+
+Apache Jackrabbit, Jackrabbit, Apache, the Apache feather logo, and the Apache
+Jackrabbit project logo are trademarks of The Apache Software Foundation.

Propchange: dev/jackrabbit/2.4.6/RELEASE-NOTES.txt
------------------------------------------------------------------------------
    svn:executable = *

Added: dev/jackrabbit/2.4.6/jackrabbit-2.4.6-src.zip
==============================================================================
Binary file - no diff available.

Propchange: dev/jackrabbit/2.4.6/jackrabbit-2.4.6-src.zip
------------------------------------------------------------------------------
    svn:executable = *

Propchange: dev/jackrabbit/2.4.6/jackrabbit-2.4.6-src.zip
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: dev/jackrabbit/2.4.6/jackrabbit-2.4.6-src.zip.asc
==============================================================================
--- dev/jackrabbit/2.4.6/jackrabbit-2.4.6-src.zip.asc (added)
+++ dev/jackrabbit/2.4.6/jackrabbit-2.4.6-src.zip.asc Mon Sep 19 05:43:45 2016
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJX3Ze8AAoJEB3kYVKPHxsqqVQP/0cuBzVgD71WV6Z+6//sbBKM
+peNdKwsWTKTC2NDCMGLa7krXZt2nVliyfXMqEKEK5I9Ap9EkFxoQB2UW9XMu9Ivl
+jWU9g2azM79L1xZpd39FuZCeGVP8brpg4krkwYkWAYgnr8ivp3+593gP2qiR6wCJ
++Ry8ui7a8B3EUUM5fXtBemputFFGrRW5zINbKBH+N3JxHFyal3SENWofDilpdCTm
+V5F1PYXW+zEVO90deYqphlRTkFDjRHxPxV2Qv9ebJm/8Z92mNB1mOE44Kn97oHZv
+CIaaSVp1A7Y96FVAiroLP7d++0OFpqbYLnz6BUQK4DsdTW2jKURiqSNkf+zVad9I
+pSxuyOkWePtjWlb6ZSVmulVGqQTGIapCL3WcssW4irjAL9YoO5YuGHE6y/5S4OsT
+vXeWMdMMVzgJQhBvvEr3SZLBM9BIV+Mcg6hMcNnzIv60wtj7olxF4bF1CtMavBmu
+xYA+0QKCTRObNSKycvtGVo+JrLdRDs1aa585Tss89u+RxkiGsy28qO2+GjAlYtUg
+Zv4shFIquP9ikMbC5TRcKYMAXUjLxcmP81tgdZMOCG+99WW/t2Vc9v1PQ9/aYQWX
+O38scCe9/n9DBWWafgEG8OCV86cAAywHLUaiejV6n4a7An+9oNEhB00i/4W0Nk0U
++ehsrdK6CM4t/zkjRU6E
+=sNy5
+-----END PGP SIGNATURE-----

Propchange: dev/jackrabbit/2.4.6/jackrabbit-2.4.6-src.zip.asc
------------------------------------------------------------------------------
    svn:executable = *

Added: dev/jackrabbit/2.4.6/jackrabbit-2.4.6-src.zip.md5
==============================================================================
--- dev/jackrabbit/2.4.6/jackrabbit-2.4.6-src.zip.md5 (added)
+++ dev/jackrabbit/2.4.6/jackrabbit-2.4.6-src.zip.md5 Mon Sep 19 05:43:45 2016
@@ -0,0 +1 @@
+10489cd8c31342532576140e9c096cb3

Propchange: dev/jackrabbit/2.4.6/jackrabbit-2.4.6-src.zip.md5
------------------------------------------------------------------------------
    svn:executable = *

Added: dev/jackrabbit/2.4.6/jackrabbit-2.4.6-src.zip.sha
==============================================================================
--- dev/jackrabbit/2.4.6/jackrabbit-2.4.6-src.zip.sha (added)
+++ dev/jackrabbit/2.4.6/jackrabbit-2.4.6-src.zip.sha Mon Sep 19 05:43:45 2016
@@ -0,0 +1 @@
+e98a3db90e6fb87e629d3861d1074d062ca89759

Propchange: dev/jackrabbit/2.4.6/jackrabbit-2.4.6-src.zip.sha
------------------------------------------------------------------------------
    svn:executable = *

Added: dev/jackrabbit/2.4.6/jackrabbit-jca-2.4.6.rar
==============================================================================
Binary file - no diff available.

Propchange: dev/jackrabbit/2.4.6/jackrabbit-jca-2.4.6.rar
------------------------------------------------------------------------------
    svn:executable = *

Propchange: dev/jackrabbit/2.4.6/jackrabbit-jca-2.4.6.rar
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: dev/jackrabbit/2.4.6/jackrabbit-jca-2.4.6.rar.asc
==============================================================================
--- dev/jackrabbit/2.4.6/jackrabbit-jca-2.4.6.rar.asc (added)
+++ dev/jackrabbit/2.4.6/jackrabbit-jca-2.4.6.rar.asc Mon Sep 19 05:43:45 2016
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJX3ZZ6AAoJEB3kYVKPHxsqYvEQAK3C7TmGNX4PDwJpFpg0Q192
+s8qgjaC0VTdASi2gsbpBHuRMg8/ESRVIgxcn9r6nSEexKP3pt7ieSt+zbrl3wy5e
+CrTxIkQuHxEQF4n09qtVxUHBY1dF/h2u4Ks2E+x0TDBdre+SUGQet4u2XjAJmjtq
+dgW/Pl8WdvepV8dzMUJAFibpo0q0DA/4cLIbpJxvGdXgPHmJ/6D74qNdhYyzLIB5
+bKl29CPOofThOo5/1Tx05BXNc6QE5EHl29rPXRwGgoAJe3RLcqH4+DKh+eCiCI17
+I8DbplSdUwVnqSZV4+XzMaatFIHSlndQQPj+PgHoei3P0eh23P5Xk9lZpLmFdhjU
+g88JQ4YGQ7R/6bqju7VneyCpNO5MdIPVlMRB9gqZxWfWdO8paM2DYZoZMQ9Etoo+
+P4Why879DEqu5GK13EaU8T7Fyq59wOK8UyW9lu/sWxxk6JQK4hf58Do8xyMGo5/l
+YRKO+TcRsbeIq9pIYm6MnTQFcff482jspdMB3yOiLBRF6KkgJmU7evXccTu5rID1
+Uh/+Vk91BPPqmkdw/cONXoO5gqyT20cE5dNOeTSsBxw9NLuOIxFxqzDcC+bCoOIc
+W6r3uhIXrxfYFrWTA+18mWZLzK+Vlmi1chnMSx5BM1EI/mG6Q0QPDyFhc6Y6mGsU
+a3sy/eSKBu8bhGIBPQd2
+=OO6y
+-----END PGP SIGNATURE-----

Propchange: dev/jackrabbit/2.4.6/jackrabbit-jca-2.4.6.rar.asc
------------------------------------------------------------------------------
    svn:executable = *

Added: dev/jackrabbit/2.4.6/jackrabbit-jca-2.4.6.rar.md5
==============================================================================
--- dev/jackrabbit/2.4.6/jackrabbit-jca-2.4.6.rar.md5 (added)
+++ dev/jackrabbit/2.4.6/jackrabbit-jca-2.4.6.rar.md5 Mon Sep 19 05:43:45 2016
@@ -0,0 +1 @@
+4a7f229b3c30d1f79696d0c90283711d

Propchange: dev/jackrabbit/2.4.6/jackrabbit-jca-2.4.6.rar.md5
------------------------------------------------------------------------------
    svn:executable = *

Added: dev/jackrabbit/2.4.6/jackrabbit-jca-2.4.6.rar.sha
==============================================================================
--- dev/jackrabbit/2.4.6/jackrabbit-jca-2.4.6.rar.sha (added)
+++ dev/jackrabbit/2.4.6/jackrabbit-jca-2.4.6.rar.sha Mon Sep 19 05:43:45 2016
@@ -0,0 +1 @@
+579af6834ed574eb6a920ed85e1312b29ec7315f

Propchange: dev/jackrabbit/2.4.6/jackrabbit-jca-2.4.6.rar.sha
------------------------------------------------------------------------------
    svn:executable = *

Added: dev/jackrabbit/2.4.6/jackrabbit-standalone-2.4.6.jar
==============================================================================
Binary file - no diff available.

Propchange: dev/jackrabbit/2.4.6/jackrabbit-standalone-2.4.6.jar
------------------------------------------------------------------------------
    svn:executable = *

Propchange: dev/jackrabbit/2.4.6/jackrabbit-standalone-2.4.6.jar
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: dev/jackrabbit/2.4.6/jackrabbit-standalone-2.4.6.jar.asc
==============================================================================
--- dev/jackrabbit/2.4.6/jackrabbit-standalone-2.4.6.jar.asc (added)
+++ dev/jackrabbit/2.4.6/jackrabbit-standalone-2.4.6.jar.asc Mon Sep 19 05:43:45 2016
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJX3Ze0AAoJEB3kYVKPHxsqrY0P/iJhl6YtS59UwtwYH+J03ZVa
+i85kPrX0i6qlxPvWTfflwx67/N2VeFL25o+pUJYarxJY1kdAnx2bw0r2QOcQTG70
+BTyqrLRGjlQIPY3Lf21K6ETaKa3knkMjVHfRbMb3pA9lLe1//ciMqXI68z6hS+iL
+T83Gn5xjnIEwItp/YSZBmeWY7NTIZRA0cJ19lwsJgwomp7ojD4lDqYwJX0ieQ41Z
+qGUp02G1VDwK0V8VJjwJytCB8Gd0e2IZmz0uMAz6/vqDnVgHqDjOAPMLiOOBUfTL
+MJBJlBcfZK2tZ/8fFbiKxT7LKtRxuGQxJnxuQjUUxivDe4vcbsvpMumDUj8j5KVJ
+rQMzagETD5lFsCvIbyfmS6jrZzZJJnZiBxGVypzJsnY4VPofQGDQK0YZyvDdSPcA
+4a9R81b+4m1JGYNULnj9JXsthwJo1JfrQGV7W6S8VrsoYjAi5UP1hLKMDkn5crvu
+hgcGhsBOiweKtYEWauEIxxKJXzLRGbz2SsfyVGB9cV7I0HjPVfW4GuZUS9dYzk+s
+s5dDu05STe1wnIofIR/ao6oTOFPfnvghVi5TpZbzdZ/3FOsm8YXNa3E4Kjfw5wsN
+5SYCmUCT9m/yjlQDcVF+kRv5Vv6S35cbEe/XZpWgploidPJmHVfaWzqM8+RRp87n
+uHRJ97drGDYX45O3otdw
+=Vth5
+-----END PGP SIGNATURE-----

Propchange: dev/jackrabbit/2.4.6/jackrabbit-standalone-2.4.6.jar.asc
------------------------------------------------------------------------------
    svn:executable = *

Added: dev/jackrabbit/2.4.6/jackrabbit-standalone-2.4.6.jar.md5
==============================================================================
--- dev/jackrabbit/2.4.6/jackrabbit-standalone-2.4.6.jar.md5 (added)
+++ dev/jackrabbit/2.4.6/jackrabbit-standalone-2.4.6.jar.md5 Mon Sep 19 05:43:45 2016
@@ -0,0 +1 @@
+ca3c29117ff226dc2a8a74ebc11418d3

Propchange: dev/jackrabbit/2.4.6/jackrabbit-standalone-2.4.6.jar.md5
------------------------------------------------------------------------------
    svn:executable = *

Added: dev/jackrabbit/2.4.6/jackrabbit-standalone-2.4.6.jar.sha
==============================================================================
--- dev/jackrabbit/2.4.6/jackrabbit-standalone-2.4.6.jar.sha (added)
+++ dev/jackrabbit/2.4.6/jackrabbit-standalone-2.4.6.jar.sha Mon Sep 19 05:43:45 2016
@@ -0,0 +1 @@
+7a0695971ecd692408e26f343fe10db265db81d5

Propchange: dev/jackrabbit/2.4.6/jackrabbit-standalone-2.4.6.jar.sha
------------------------------------------------------------------------------
    svn:executable = *

Added: dev/jackrabbit/2.4.6/jackrabbit-webapp-2.4.6.war
==============================================================================
Binary file - no diff available.

Propchange: dev/jackrabbit/2.4.6/jackrabbit-webapp-2.4.6.war
------------------------------------------------------------------------------
    svn:executable = *

Propchange: dev/jackrabbit/2.4.6/jackrabbit-webapp-2.4.6.war
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: dev/jackrabbit/2.4.6/jackrabbit-webapp-2.4.6.war.asc
==============================================================================
--- dev/jackrabbit/2.4.6/jackrabbit-webapp-2.4.6.war.asc (added)
+++ dev/jackrabbit/2.4.6/jackrabbit-webapp-2.4.6.war.asc Mon Sep 19 05:43:45 2016
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQIcBAABAgAGBQJX3ZYbAAoJEB3kYVKPHxsq7OQQAJhCGmqUkyjMRn+iXCABa4EA
+R123x6+upmqqLRopum7x2g1Gswh6S2RY93Dm9NDHKtO4/WATid4FUZvBllsggCdu
+NYYxBOlRjivUPItFRh+yKNh3RuDbvc9N+lrT34sla2rRYStdTxJZVk/eYjr8lr8O
+TKSiq+nDIYP8GQzWRNjFJ7r7z4ugYxLcaws3bl0v2Jm6wXmKgFPZQYN4HbLWDRDV
+WAHcWoIIt3TikxVN8ZRnSSErmKN4MoPKUs99wkUUuG5S9yOk6LSTrWhDJFU89Hs+
+AsTiKRqKMNsJVrbDwpgq+M2UG2GTKhWW3DU4e9tUgJIGdToyerqxdE8C42RlJnOn
+ai7V/+z/7JQJmZ++1akgwRgtjxgPG5G+uoa7YH64UAZUJSqqrkU04NtOyrH/UEuU
+6QK1q6mWX9F41sr6l6seU48JIK+qTnP8X//dwKwmKMo3cKFej/z2fOxjh7hiQ6fl
+qTVS/Yj+25JJQ8D7AQYpPXEOaHdzNlxixBIxIegFG/Oj9i+hObwqP6lDpAQ9NhsG
+n7pxYVdwqbpYw07BflycfEHsR9rgUMyuScJbejA1eYk/HtM53TQAKFm+K4FaUR4S
+JCs4sGbDDIlZejdHB/sWWMLv2DFAgbQm5Pnc7m2e+f7ql4/Aib8Y7ZUoom034HyL
+ZKOx8q/7rpIN8/6RAiX6
+=/O23
+-----END PGP SIGNATURE-----

Propchange: dev/jackrabbit/2.4.6/jackrabbit-webapp-2.4.6.war.asc
------------------------------------------------------------------------------
    svn:executable = *

Added: dev/jackrabbit/2.4.6/jackrabbit-webapp-2.4.6.war.md5
==============================================================================
--- dev/jackrabbit/2.4.6/jackrabbit-webapp-2.4.6.war.md5 (added)
+++ dev/jackrabbit/2.4.6/jackrabbit-webapp-2.4.6.war.md5 Mon Sep 19 05:43:45 2016
@@ -0,0 +1 @@
+4e85d9228de47667a8880f5351f33090

Propchange: dev/jackrabbit/2.4.6/jackrabbit-webapp-2.4.6.war.md5
------------------------------------------------------------------------------
    svn:executable = *

Added: dev/jackrabbit/2.4.6/jackrabbit-webapp-2.4.6.war.sha
==============================================================================
--- dev/jackrabbit/2.4.6/jackrabbit-webapp-2.4.6.war.sha (added)
+++ dev/jackrabbit/2.4.6/jackrabbit-webapp-2.4.6.war.sha Mon Sep 19 05:43:45 2016
@@ -0,0 +1 @@
+e7234880f0320dda7254f01e0ddfba6f6d031ded

Propchange: dev/jackrabbit/2.4.6/jackrabbit-webapp-2.4.6.war.sha
------------------------------------------------------------------------------
    svn:executable = *



Mime
View raw message