You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tapestry.apache.org by hl...@apache.org on 2010/04/19 15:57:33 UTC
svn commit: r935572 - /tapestry/tapestry5/trunk/src/site/apt/upgrade.apt
Author: hlship
Date: Mon Apr 19 13:57:33 2010
New Revision: 935572
URL: http://svn.apache.org/viewvc?rev=935572&view=rev
Log:
Revise the upgrade notes, as WhitelistAuthorizer, etc., were introduced in 5.2.
Modified:
tapestry/tapestry5/trunk/src/site/apt/upgrade.apt
Modified: tapestry/tapestry5/trunk/src/site/apt/upgrade.apt
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/src/site/apt/upgrade.apt?rev=935572&r1=935571&r2=935572&view=diff
==============================================================================
--- tapestry/tapestry5/trunk/src/site/apt/upgrade.apt (original)
+++ tapestry/tapestry5/trunk/src/site/apt/upgrade.apt Mon Apr 19 13:57:33 2010
@@ -16,17 +16,13 @@ Release 5.2.0
* Assets
- There have been some changes to how assets operate in Tapestry 5.2. The previous mechanism
- for marking assets as public (exposed to the client user agent), introduced in Tapestry 5.1,
- have been removed in 5.2. The corresponding services (WhitelistAuthorizer, RegexAuthorizer)
- have been deleted outright; you may need to modify your application module to no longer make
- contributions to these services.
+ There have been some changes to how assets operate in Tapestry 5.2.
Virtual folders, used to define root packages for component libraries, may no longer
- contain slashes. The same goes for LibraryMappings.
+ contain slashes. Virtual folders are the pathPrefix property of the LibraryMapping objects
+ that are contributed to the ComponentClassResolver service.
- Each LibraryMapping contributed to the ComponentClassResolver service
- is now automatically converted into a matching contribution to
+ Each LibraryMapping is now automatically converted into a matching contribution to
the ClasspathAssetAliasManager service. Previously a library author was encouraged
to make contributions to both services. The path prefix of a LibraryMapping is also
now prohibited from containing the slash character.
@@ -54,14 +50,6 @@ Release 5.2.0
now works in terms of adding new fields, initializing those fields using callbacks, providing callbacks for access
to fields, and adding advice to methods.
-* Asset Security
-
- Tapestry now includes a new mechanism for ensuring the security of server-side assets, addressing a bug
- that allowed a malicious user to search and download any file on the classpath. The new approach
- is more secure, but is based on explicitly extending access; some existing frameworks (created to
- be compatible with Tapestry 5.1) will need additional configuration to extend access to their
- assets. See the {{{guide/assets.html}notes on securing Assets}}.
-
* Template Parser back to SAX
Tapestry no longer uses a StAX parser (it uses a normal SAX parser) to parse component templates. This change