Upcoming 5.1.0.6 release

[Igor Drobiazko <ig...@gmail.com>]

Hello folks,

I would like to invite you all to vote for/against the upcoming release. In
this release we fixed the two most popular Tapestry issues and I wonder
about few votes. Maybe Christmas time is not the best time for a release.
However, there is a discussion in the dev list about the fix of TAP5-815 and
blocking of static resources inside the classpath. Please participate.

https://issues.apache.org/jira/browse/TAP5-815

-- 
Best regards,

Igor Drobiazko
http://tapestry5.de/blog

Re: Upcoming 5.1.0.6 release

[Christian Riedel <ch...@gmx.net>]

Just add a special item to the release notes that no one can overlook. I 
mean, if anyone performs this upgrade to 5.1.0.6 he should be aware of 
the the release notes.
On the other hand, a new user wouldn't check the release notes but maybe 
start with the maven archetype. Is the quickstart-app also broken?
We should also not forget that a future release 5.1.0.7 could add that 
contribution by default that 5.1.0.6 users would have to do now.

And finally you should consider it's a birthday gift for Howard, so I'd 
make it rather a round thing and add that RegexAuthorizer contribution 
(or at least some documentation about this issue) to the release. 
TAP-815 is the main issue for this bugfix release. If there are still 
small things to do, why not doing it now? I could live with a release 
one week later when I don't have to bother about additional 
configuration, except changing Tapestry's version number :)



Am 29.12.09 12:19, schrieb Vangel V. Ajanovski:
> On 29.12.2009 07:40, Igor Drobiazko wrote:
>    
>> Hello folks,
>> I would like to invite you all to vote for/against the upcoming release. In
>> this release we fixed the two most popular Tapestry issues and I wonder
>> about few votes. Maybe Christmas time is not the best time for a release.
>> However, there is a discussion in the dev list about the fix of TAP5-815 and
>> blocking of static resources inside the classpath. Please participate.
>> https://issues.apache.org/jira/browse/TAP5-815
>>
>>      
>  From the perspective of this list, an additional short guide on how to
> check whether your Tapestry application is secured OK, is most welcome.
> Meaning:
> - WEB-INF is not accessible,
> - META-INF is not accessible,
> - .class .tml .properties are not accessible etc.
> This way any user could try and see if the solution works, and rest assured.
>
> Maybe these checks should be automatically tested when starting the app
> in the container and have some warnings in the Log if not.
>
>
>
>    

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org

Re: Upcoming 5.1.0.6 release

["Vangel V. Ajanovski" <aj...@ii.edu.mk>]

On 29.12.2009 07:40, Igor Drobiazko wrote:
> Hello folks,
> I would like to invite you all to vote for/against the upcoming release. In
> this release we fixed the two most popular Tapestry issues and I wonder
> about few votes. Maybe Christmas time is not the best time for a release.
> However, there is a discussion in the dev list about the fix of TAP5-815 and
> blocking of static resources inside the classpath. Please participate.
> https://issues.apache.org/jira/browse/TAP5-815
>   
From the perspective of this list, an additional short guide on how to
check whether your Tapestry application is secured OK, is most welcome.
Meaning:
- WEB-INF is not accessible,
- META-INF is not accessible,
- .class .tml .properties are not accessible etc.
This way any user could try and see if the solution works, and rest assured.

Maybe these checks should be automatically tested when starting the app
in the container and have some warnings in the Log if not.