roller-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anil Gangolli" <a...@busybuddha.org>
Subject Re: to Release Roller 2.3.1 (RC1)
Date Sun, 30 Jul 2006 15:51:16 GMT
+1 if it has been verified.  It's certainly safer than the earlier behavior.
If we have some sample attack texts, we should add that to the unit test for 
Utilities.removeHTML()

Dave:

There was an issue raised with the search feature, where I could possibly 
learn cookies by publishing a constructed URL that invoked the search but 
also had embedded script.  Was that fixed as well?  If not, we should 
probably add a fix for that to the 2.3.1 release.

--a.


----- Original Message ----- 
From: "Dave Johnson" <snoopdave@gmail.com>
To: <roller-dev@incubator.apache.org>
Cc: <shenoi.avinash@gmail.com>
Sent: Monday, July 24, 2006 7:34 AM
Subject: VOTE: to Release Roller 2.3.1 (RC1)


>I have prepared a release candidate for Roller 2.3.1 that fixes one issue:
> http://opensource.atlassian.com/projects/roller/browse/ROL-1196
>
> The release candidate files are available here:
> http://people.apache.org/~snoopdave/
>
> I think ROL-1196 is serious enough to justify "emergency bug fix
> release" status.
>
> - Dave
> 


Mime
View raw message