You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@archiva.apache.org by br...@apache.org on 2013/01/07 11:40:45 UTC
svn commit: r1429742 - in
/archiva/branches/archiva-1.3.x/archiva-docs/src/site:
apt/release-notes.apt site.xml
Author: brett
Date: Mon Jan 7 10:40:44 2013
New Revision: 1429742
URL: http://svn.apache.org/viewvc?rev=1429742&view=rev
Log:
update release notes
Modified:
archiva/branches/archiva-1.3.x/archiva-docs/src/site/apt/release-notes.apt
archiva/branches/archiva-1.3.x/archiva-docs/src/site/site.xml
Modified: archiva/branches/archiva-1.3.x/archiva-docs/src/site/apt/release-notes.apt
URL: http://svn.apache.org/viewvc/archiva/branches/archiva-1.3.x/archiva-docs/src/site/apt/release-notes.apt?rev=1429742&r1=1429741&r2=1429742&view=diff
==============================================================================
--- archiva/branches/archiva-1.3.x/archiva-docs/src/site/apt/release-notes.apt (original)
+++ archiva/branches/archiva-1.3.x/archiva-docs/src/site/apt/release-notes.apt Mon Jan 7 10:40:44 2013
@@ -1,10 +1,10 @@
-----
- Release Notes for Archiva 1.3.5
+ Release Notes for Archiva 1.3.6
-----
-Release Notes for Archiva 1.3.5
+Release Notes for Archiva 1.3.6
- The Apache Archiva team would like to announce the release of Archiva 1.3.5. Archiva is {{{http://archiva.apache.org/download.html}
+ The Apache Archiva team would like to announce the release of Archiva 1.3.6. Archiva is {{{http://archiva.apache.org/download.html}
available for download from the web site}}.
Archiva is an application for managing one or more remote repositories, including administration, artifact handling, browsing and searching.
@@ -24,13 +24,16 @@ Release Notes for Archiva 1.3.5
* Security Vulnerabilities
- * A CSRF security vulnerability (CVE-2010-3449) is present in 1.3.2 and earlier.
-
- * An XSS security vulnerability (CVE-2011-0533) is present in 1.3.3 and earlier.
+ * A remote code execution (CVE-2010-1870) vulnerability has been reported against 1.3.5
+ and earlier versions.
- * Additional CSRF (CVE-2011-1026) and XSS security (CVE-2011-1077) vulnerabilities have been reported against 1.3.4
+ * CSRF (CVE-2011-1026) and XSS security (CVE-2011-1077) vulnerabilities have been reported against 1.3.4
and earlier versions.
+ * An XSS security vulnerability (CVE-2011-0533) is present in 1.3.3 and earlier.
+
+ * A CSRF security vulnerability (CVE-2010-3449) is present in 1.3.2 and earlier.
+
It is important that users using lower versions of Archiva upgrade to this version (or higher).
See {{{http://archiva.apache.org/security.html} Archiva Security}} for more details.
@@ -56,7 +59,15 @@ Release Notes for Archiva 1.3.5
* Release Notes
- The Archiva 1.3.5 feature set can be seen in the {{{tour/index.html} feature tour}}.
+ The Archiva 1.3.6 feature set can be seen in the {{{tour/index.html} feature tour}}.
+
+* Changes in Archiva 1.3.6
+
+ Released: <<7 January 2013>>
+
+** Bug
+
+ * [MRM-1738] - defaultStack requires a stronger blacklist of parameter names in the param interceptor
* Changes in Archiva 1.3.5
Modified: archiva/branches/archiva-1.3.x/archiva-docs/src/site/site.xml
URL: http://svn.apache.org/viewvc/archiva/branches/archiva-1.3.x/archiva-docs/src/site/site.xml?rev=1429742&r1=1429741&r2=1429742&view=diff
==============================================================================
--- archiva/branches/archiva-1.3.x/archiva-docs/src/site/site.xml (original)
+++ archiva/branches/archiva-1.3.x/archiva-docs/src/site/site.xml Mon Jan 7 10:40:44 2013
@@ -26,7 +26,7 @@
</bannerLeft>
<body>
<breadcrumbs>
- <item name="1.3.5" href="/index.html" />
+ <item name="1.3.6" href="/index.html" />
</breadcrumbs>
<menu name="Introduction">