You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tapestry.apache.org by hl...@apache.org on 2010/04/19 15:57:33 UTC

svn commit: r935572 - /tapestry/tapestry5/trunk/src/site/apt/upgrade.apt

Author: hlship
Date: Mon Apr 19 13:57:33 2010
New Revision: 935572

URL: http://svn.apache.org/viewvc?rev=935572&view=rev
Log:
Revise the upgrade notes, as WhitelistAuthorizer, etc., were introduced in 5.2.

Modified:
    tapestry/tapestry5/trunk/src/site/apt/upgrade.apt

Modified: tapestry/tapestry5/trunk/src/site/apt/upgrade.apt
URL: http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/src/site/apt/upgrade.apt?rev=935572&r1=935571&r2=935572&view=diff
==============================================================================
--- tapestry/tapestry5/trunk/src/site/apt/upgrade.apt (original)
+++ tapestry/tapestry5/trunk/src/site/apt/upgrade.apt Mon Apr 19 13:57:33 2010
@@ -16,17 +16,13 @@ Release 5.2.0
 
 * Assets
 
-  There have been some changes to how assets operate in Tapestry 5.2. The previous mechanism
-  for marking assets as public (exposed to the client user agent), introduced in Tapestry 5.1,
-  have been removed in 5.2. The corresponding services (WhitelistAuthorizer, RegexAuthorizer)
-  have been deleted outright; you may need to modify your application module to no longer make
-  contributions to these services.
+  There have been some changes to how assets operate in Tapestry 5.2.
   
   Virtual folders, used to define root packages for component libraries, may no longer
-  contain slashes.  The same goes for LibraryMappings.
+  contain slashes. Virtual folders are the pathPrefix property of the LibraryMapping objects
+  that are contributed to the ComponentClassResolver service.
   
-  Each LibraryMapping contributed to the ComponentClassResolver service
-  is now automatically converted into a matching contribution to   
+  Each LibraryMapping  is now automatically converted into a matching contribution to   
   the ClasspathAssetAliasManager service. Previously a library author was encouraged
   to make contributions to both services. The path prefix of a LibraryMapping is also
   now prohibited from containing the slash character.
@@ -54,14 +50,6 @@ Release 5.2.0
   now works in terms of adding new fields, initializing those fields using callbacks, providing callbacks for access
   to fields, and adding advice to methods.
 
-* Asset Security
-
-  Tapestry now includes a new mechanism for ensuring the security of server-side assets, addressing a bug
-  that allowed a malicious user to search and download any file on the classpath. The new approach
-  is more secure, but is based on explicitly extending access; some existing frameworks (created to
-  be compatible with Tapestry 5.1) will need additional configuration to extend access to their
-  assets.  See the {{{guide/assets.html}notes on securing Assets}}. 
-
 * Template Parser back to SAX
 
   Tapestry no longer uses a StAX parser (it uses a normal SAX parser) to parse component templates. This change