You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by ns...@apache.org on 2010/08/17 17:58:27 UTC
svn commit: r986368 - in /couchdb: branches/0.11.x/NEWS branches/1.0.x/NEWS
site/htdocs/community/committers.html site/htdocs/community/lists.html
site/htdocs/downloads.html site/htdocs/downloads.txt trunk/NEWS
Author: nslater
Date: Tue Aug 17 15:58:27 2010
New Revision: 986368
URL: http://svn.apache.org/viewvc?rev=986368&view=rev
Log:
added notice about CVE-2010-2234
Modified:
couchdb/branches/0.11.x/NEWS
couchdb/branches/1.0.x/NEWS
couchdb/site/htdocs/community/committers.html
couchdb/site/htdocs/community/lists.html
couchdb/site/htdocs/downloads.html
couchdb/site/htdocs/downloads.txt
couchdb/trunk/NEWS
Modified: couchdb/branches/0.11.x/NEWS
URL: http://svn.apache.org/viewvc/couchdb/branches/0.11.x/NEWS?rev=986368&r1=986367&r2=986368&view=diff
==============================================================================
--- couchdb/branches/0.11.x/NEWS (original)
+++ couchdb/branches/0.11.x/NEWS Tue Aug 17 15:58:27 2010
@@ -15,6 +15,7 @@ Version 0.11.2
* User documents can now be deleted by admins or the user.
* Avoid potential DOS attack by guarding all creation of atoms.
* Some Futon and JavaScript library bugfixes.
+ * Fixed CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack
Version 0.11.1
--------------
Modified: couchdb/branches/1.0.x/NEWS
URL: http://svn.apache.org/viewvc/couchdb/branches/1.0.x/NEWS?rev=986368&r1=986367&r2=986368&view=diff
==============================================================================
--- couchdb/branches/1.0.x/NEWS (original)
+++ couchdb/branches/1.0.x/NEWS Tue Aug 17 15:58:27 2010
@@ -38,6 +38,7 @@ Version 0.11.2
* User documents can now be deleted by admins or the user.
* Avoid potential DOS attack by guarding all creation of atoms.
* Some Futon and JavaScript library bugfixes.
+ * Fixed CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack
Version 0.11.1
--------------
Modified: couchdb/site/htdocs/community/committers.html
URL: http://svn.apache.org/viewvc/couchdb/site/htdocs/community/committers.html?rev=986368&r1=986367&r2=986368&view=diff
==============================================================================
--- couchdb/site/htdocs/community/committers.html (original)
+++ couchdb/site/htdocs/community/committers.html Tue Aug 17 15:58:27 2010
@@ -78,66 +78,66 @@ limitations under the License.
</div>
<div id="content"><h1>Committers</h1>
-<p><a href="http://damienkatz.net/">Damien Katz</a>, <a href="mailto:damien@apache.org">damien@apache.org</a></p>
+<p><a href="http://damienkatz.net/">Damien Katz</a>, <a href="mailto:damien@apache.org">damien@apache.org</a></p>
<p>Original developer and Apache CouchDB PMC Chair.</p>
-<p><a href="http://jan.prima.de/">Jan Lehnardt</a>, <a href="mailto:jan@apache.org">jan@apache.org</a></p>
+<p><a href="http://jan.prima.de/">Jan Lehnardt</a>, <a href="mailto:jan@apache.org">jan@apache.org</a></p>
<p>Worked on the original UNIX port and now works on all ends in CouchDB.
He is a freelancing CouchDB consultant and gives presentations around the
world.</p>
-<p><a href="http://tumbolia.org/nslater">Noah Slater</a>, <a href="mailto:nslater@apache.org">nslater@apache.org</a></p>
+<p><a href="http://tumbolia.org/nslater">Noah Slater</a>, <a href="mailto:nslater@apache.org">nslater@apache.org</a></p>
<p>Developed and maintains the Autotools build system and application
infrastructure. He is CouchDB’s release manager and maintains a number of
related packages for Debian GNU/Linux.</p>
-<p><a href="http://www.cmlenz.net/">Christopher Lenz</a>, <a href="mailto:cmlenz@apache.org">cmlenz@apache.org</a></p>
+<p><a href="http://www.cmlenz.net/">Christopher Lenz</a>, <a href="mailto:cmlenz@apache.org">cmlenz@apache.org</a></p>
<p>Developed and maintains Futon, the Web administration console. He works on
the JavaScript view engine, SpiderMonkey and MochiWeb integration in
addition to an external Python client.</p>
-<p><a href="http://jchris.mfdz.com">J. Chris Anderson</a>, <a href="mailto:jchris@apache.org">jchris@apache.org</a></p>
+<p><a href="http://jchris.mfdz.com">J. Chris Anderson</a>, <a href="mailto:jchris@apache.org">jchris@apache.org</a></p>
<p>Upgraded the Erlang JSON term format. Integrates community patches,
particularly related to the HTTP API and the MapReduce system. Gives talks and
presentations about CouchDB, with an eye toward recruiting more developers.</p>
-<p><a href="http://www.davispj.com/">Paul J. Davis</a>, <a href="mailto:davisp@apache.org">davisp@apache.org</a></p>
+<p><a href="http://www.davispj.com/">Paul J. Davis</a>, <a href="mailto:davisp@apache.org">davisp@apache.org</a></p>
<p>Developed features for the HTTP API as well as helped with recent upgrades
to the MapReduce system. Spends time tracking down various bugs reported in
JIRA.</p>
-<p>Adam Kocoloski, <a href="mailto:kocolosk@apache.org">kocolosk@apache.org</a></p>
+<p>Adam Kocoloski, <a href="mailto:kocolosk@apache.org">kocolosk@apache.org</a></p>
<p>Maintains and extends the replicator. Hacks on various other parts of the
core database.</p>
-<p>Mark Hammond, <a href="mailto:mhammond@apache.org">mhammond@apache.org</a></p>
+<p>Mark Hammond, <a href="mailto:mhammond@apache.org">mhammond@apache.org</a></p>
<p>Windows support.</p>
-<p><a href="http://www.jasondavies.com/">Jason Davies</a>, <a href="mailto:jasondavies@apache.org">jasondavies@apache.org</a></p>
+<p><a href="http://www.jasondavies.com/">Jason Davies</a>, <a href="mailto:jasondavies@apache.org">jasondavies@apache.org</a></p>
<p>Developed various authentication features including cookie-based
authentication and OAuth support.</p>
-<p><a href="http://benoitc.im">Benoît Chesneau</a>, <a href="mailto:benoitc@apache.org">benoitc@apache.org</a></p>
+<p><a href="http://benoitc.im">Benoît Chesneau</a>, <a href="mailto:benoitc@apache.org">benoitc@apache.org</a></p>
<p>Developed the URL rewriter and proxy authentication handlers and provides some
patches. He also maintains the couchapp script and some other tools and
libraries related to CouchDB.</p>
-<p><a href="http://fdmanana.wordpress.com">Filipe Manana</a>, <a href="mailto:fdmanana@apache.org">fdmanana@apache.org</a></p>
+<p><a href="http://fdmanana.wordpress.com">Filipe Manana</a>, <a href="mailto:fdmanana@apache.org">fdmanana@apache.org</a></p>
<p>Contributes mostly to the replicator, some parts of the core database and
the security features.</p>
-<p>Robert Newson, <a href="mailto:rnewson@apache.org">rnewson@apache.org</a></p>
+<p>Robert Newson, <a href="mailto:rnewson@apache.org">rnewson@apache.org</a></p>
<p>Contributes bug fixes and small features.</p>
<div id="clear"></div></div>
Modified: couchdb/site/htdocs/community/lists.html
URL: http://svn.apache.org/viewvc/couchdb/site/htdocs/community/lists.html?rev=986368&r1=986367&r2=986368&view=diff
==============================================================================
--- couchdb/site/htdocs/community/lists.html (original)
+++ couchdb/site/htdocs/community/lists.html Tue Aug 17 15:58:27 2010
@@ -94,11 +94,11 @@ discussion of topics related to CouchDB.
<ul>
<li>To <strong>subscribe</strong>, send an email to
-<a href="mailto:user-subscribe@couchdb.apache.org">user-subscribe@couchdb.apache.org</a>.</li>
+<a href="mailto:user-subscribe@couchdb.apache.org">user-subscribe@couchdb.apache.org</a>.</li>
<li>To <strong>unsubscribe</strong> send empty email to
-<a href="mailto:user-unsubscribe@couchdb.apache.org">user-unsubscribe@couchdb.apache.org</a></li>
+<a href="mailto:user-unsubscribe@couchdb.apache.org">user-unsubscribe@couchdb.apache.org</a></li>
<li>Finally, to post a message to the list use the address
-<a href="mailto:user@couchdb.apache.org">user@couchdb.apache.org</a></li>
+<a href="mailto:user@couchdb.apache.org">user@couchdb.apache.org</a></li>
</ul>
<p>The archives for this list can also be <a href="http://mail-archives.apache.org/mod_mbox/couchdb-user/">browsed online</a>.</p>
@@ -113,11 +113,11 @@ participate if they are interested follo
<ul>
<li>To <strong>subscribe</strong>, send an email to
-<a href="mailto:dev-subscribe@couchdb.apache.org">dev-subscribe@couchdb.apache.org</a>.</li>
+<a href="mailto:dev-subscribe@couchdb.apache.org">dev-subscribe@couchdb.apache.org</a>.</li>
<li>To <strong>unsubscribe</strong> send empty email to
-<a href="mailto:dev-unsubscribe@couchdb.apache.org">dev-unsubscribe@couchdb.apache.org</a></li>
+<a href="mailto:dev-unsubscribe@couchdb.apache.org">dev-unsubscribe@couchdb.apache.org</a></li>
<li>Finally, to post a message to the list use the address
-<a href="mailto:dev@couchdb.apache.org">dev@couchdb.apache.org</a></li>
+<a href="mailto:dev@couchdb.apache.org">dev@couchdb.apache.org</a></li>
</ul>
<p>The archives for this list can also be <a href="http://mail-archives.apache.org/mod_mbox/couchdb-dev/">browsed online</a>.</p>
@@ -130,9 +130,9 @@ to see and review changes made by others
<ul>
<li>To <strong>subscribe</strong>, send an email to
-<a href="mailto:commits-subscribe@couchdb.apache.org">commits-subscribe@couchdb.apache.org</a>.</li>
+<a href="mailto:commits-subscribe@couchdb.apache.org">commits-subscribe@couchdb.apache.org</a>.</li>
<li>To <strong>unsubscribe</strong> send empty email to
-<a href="mailto:commits-unsubscribe@couchdb.apache.org">commits-unsubscribe@couchdb.apache.org</a></li>
+<a href="mailto:commits-unsubscribe@couchdb.apache.org">commits-unsubscribe@couchdb.apache.org</a></li>
</ul>
<p>The archives for this list can also be <a href="http://mail-archives.apache.org/mod_mbox/couchdb-commits/">browsed online</a>.</p>
Modified: couchdb/site/htdocs/downloads.html
URL: http://svn.apache.org/viewvc/couchdb/site/htdocs/downloads.html?rev=986368&r1=986367&r2=986368&view=diff
==============================================================================
--- couchdb/site/htdocs/downloads.html (original)
+++ couchdb/site/htdocs/downloads.html Tue Aug 17 15:58:27 2010
@@ -114,6 +114,7 @@ limitations under the License.
<li>Enable basic-auth popup when required to access the server, to prevent
people from getting locked out.</li>
<li>User interface element for querying stale (cached) views.</li>
+<li>Fixed CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack</li>
</ul>
<h3>0.11.2</h3>
Modified: couchdb/site/htdocs/downloads.txt
URL: http://svn.apache.org/viewvc/couchdb/site/htdocs/downloads.txt?rev=986368&r1=986367&r2=986368&view=diff
==============================================================================
--- couchdb/site/htdocs/downloads.txt (original)
+++ couchdb/site/htdocs/downloads.txt Tue Aug 17 15:58:27 2010
@@ -58,6 +58,7 @@ See [the release notice](notice/1.0.1.ht
* User documents can now be deleted by admins or the user.
* Avoid potential DOS attack by guarding all creation of atoms.
* Some Futon and JavaScript library bugfixes.
+ * Fixed CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack
### 0.11.1
Modified: couchdb/trunk/NEWS
URL: http://svn.apache.org/viewvc/couchdb/trunk/NEWS?rev=986368&r1=986367&r2=986368&view=diff
==============================================================================
--- couchdb/trunk/NEWS (original)
+++ couchdb/trunk/NEWS Tue Aug 17 15:58:27 2010
@@ -43,6 +43,7 @@ Version 0.11.2
* User documents can now be deleted by admins or the user.
* Avoid potential DOS attack by guarding all creation of atoms.
* Some Futon and JavaScript library bugfixes.
+ * Fixed CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack
Version 0.11.1
--------------