You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@archiva.apache.org by oc...@apache.org on 2010/11/30 04:45:43 UTC

svn commit: r1040401 - in /archiva/branches/archiva-1.3.x/archiva-docs: ./ src/site/apt/release-notes.apt

Author: oching
Date: Tue Nov 30 03:45:42 2010
New Revision: 1040401

URL: http://svn.apache.org/viewvc?rev=1040401&view=rev
Log:
merge -c 1040400 from 1.3.2 tag

Modified:
    archiva/branches/archiva-1.3.x/archiva-docs/   (props changed)
    archiva/branches/archiva-1.3.x/archiva-docs/src/site/apt/release-notes.apt

Propchange: archiva/branches/archiva-1.3.x/archiva-docs/
------------------------------------------------------------------------------
--- svn:mergeinfo (added)
+++ svn:mergeinfo Tue Nov 30 03:45:42 2010
@@ -0,0 +1,7 @@
+/archiva/branches/MRM-1025/archiva-docs:882046,882457,884741,885313-885314,892686
+/archiva/branches/MRM-541/archiva-docs:686983-687034
+/archiva/branches/archiva-search-improvements/archiva-docs:723609-726925
+/archiva/branches/archiva-struts2/archiva-docs:699795-705848
+/archiva/tags/archiva-1.3/archiva-docs:898632
+/archiva/tags/archiva-1.3.2/archiva-docs:1040400
+/archiva/trunk/archiva-docs:900342,909454-909456,917398,917519,919307,1039228

Modified: archiva/branches/archiva-1.3.x/archiva-docs/src/site/apt/release-notes.apt
URL: http://svn.apache.org/viewvc/archiva/branches/archiva-1.3.x/archiva-docs/src/site/apt/release-notes.apt?rev=1040401&r1=1040400&r2=1040401&view=diff
==============================================================================
--- archiva/branches/archiva-1.3.x/archiva-docs/src/site/apt/release-notes.apt (original)
+++ archiva/branches/archiva-1.3.x/archiva-docs/src/site/apt/release-notes.apt Tue Nov 30 03:45:42 2010
@@ -22,6 +22,12 @@ Release Notes for Archiva 1.3.2
     <<<wrapper.conf>>>, please update it for compatibility with the version distributed
     with the current release.
 
+* Security Vulnerabilities
+
+  * A CSRF security vulnerability fix is available in 1.3.2. It is important that users using lower versions of Archiva 
+    upgrade to this version (or higher).
+
+
 * New in Archiva 1.3
 
 ** Forced re-scan
@@ -43,8 +49,16 @@ Release Notes for Archiva 1.3.2
 
 * Release Notes
 
-  The Archiva 1.3.1 feature set can be seen in the {{{tour/index.html} feature tour}}.
-  
+  The Archiva 1.3.2 feature set can be seen in the {{{tour/index.html} feature tour}}.
+
+* Changes in Archiva 1.3.2
+
+  Released: <<29 November 2010>>
+
+** Bug
+
+    * [MRM-1438] - CSRF vulnerability - Archiva doesn't check which form sends credentials
+
 * Changes in Archiva 1.3.1
 
   Released: <<11 June 2010>>