Posted to dev@lucene.apache.org by dn...@apache.org on 2004/11/02 00:24:46 UTC
cvs commit: jakarta-lucene CHANGES.txt
dnaber 2004/11/01 15:24:46
Modified: . Tag: lucene_1_4_2_dev CHANGES.txt
Log:
mention the fix in results.jsp
Revision Changes Path
No revision
No revision
1.96.2.5 +10 -1 jakarta-lucene/CHANGES.txt
Index: CHANGES.txt
===================================================================
RCS file: /home/cvs/jakarta-lucene/CHANGES.txt,v
retrieving revision 1.96.2.4
retrieving revision 1.96.2.5
diff -u -r1.96.2.4 -r1.96.2.5
--- CHANGES.txt 1 Oct 2004 16:10:45 -0000 1.96.2.4
+++ CHANGES.txt 1 Nov 2004 23:24:46 -0000 1.96.2.5
@@ -2,6 +2,15 @@
$Id$
+1.4.3
+
+ 1. The JSP demo page (src/jsp/results.jsp) now properly escapes error
+ messages which might contain user input (e.g. error messages about
+ query parsing). If you used that page as a starting point for your
+ own code please make sure your code also properly escapes HTML
+ characters from user input in order to avoid so-called cross site
+ scripting attacks. (Daniel Naber)
+
1.4.2
1. Fixed bug #31241: Sorting could lead to incorrect results (documents
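Review bot: The new 1.4.3 entry gives no bug reference and does not say which releases shipped the unescaped src/jsp/results.jsp, while the 1.4.2 entry directly below it cites bug #31241. Because the entry asks readers who copied the demo page to check their own code, it would help to mark it explicitly as a security fix and name the affected releases, so those readers can tell whether their copy predates the change. The advice sentence is also broader than the fix description: the fix is described only for error messages, while the advice covers "HTML characters from user input" in general. Consider saying outright that every user-supplied value written into the page needs escaping at output time, not just the query-parsing error text.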