You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@lucene.apache.org by dn...@apache.org on 2004/11/02 00:24:46 UTC

cvs commit: jakarta-lucene CHANGES.txt

dnaber      2004/11/01 15:24:46

  Modified:    .        Tag: lucene_1_4_2_dev CHANGES.txt
  Log:
  mention the fix in results.jsp
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.96.2.5  +10 -1     jakarta-lucene/CHANGES.txt
  
  Index: CHANGES.txt
  ===================================================================
  RCS file: /home/cvs/jakarta-lucene/CHANGES.txt,v
  retrieving revision 1.96.2.4
  retrieving revision 1.96.2.5
  diff -u -r1.96.2.4 -r1.96.2.5
  --- CHANGES.txt	1 Oct 2004 16:10:45 -0000	1.96.2.4
  +++ CHANGES.txt	1 Nov 2004 23:24:46 -0000	1.96.2.5
  @@ -2,6 +2,15 @@
   
   $Id$
   
  +1.4.3
  +
  + 1. The JSP demo page (src/jsp/results.jsp) now properly escapes error
  +    messages which might contain user input (e.g. error messages about 
  +    query parsing). If you used that page as a starting point for your
  +    own code please make sure your code also properly escapes HTML
  +    characters from user input in order to avoid so-called cross site
  +    scripting attacks. (Daniel Naber)
  +
   1.4.2
   
    1. Fixed bug #31241: Sorting could lead to incorrect results (documents
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: lucene-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: lucene-dev-help@jakarta.apache.org