You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@archiva.apache.org by oc...@apache.org on 2010/11/30 04:41:31 UTC
svn commit: r1040400 -
/archiva/tags/archiva-1.3.2/archiva-docs/src/site/apt/release-notes.apt
Author: oching
Date: Tue Nov 30 03:41:31 2010
New Revision: 1040400
URL: http://svn.apache.org/viewvc?rev=1040400&view=rev
Log:
updated release notes
Modified:
archiva/tags/archiva-1.3.2/archiva-docs/src/site/apt/release-notes.apt
Modified: archiva/tags/archiva-1.3.2/archiva-docs/src/site/apt/release-notes.apt
URL: http://svn.apache.org/viewvc/archiva/tags/archiva-1.3.2/archiva-docs/src/site/apt/release-notes.apt?rev=1040400&r1=1040399&r2=1040400&view=diff
==============================================================================
--- archiva/tags/archiva-1.3.2/archiva-docs/src/site/apt/release-notes.apt (original)
+++ archiva/tags/archiva-1.3.2/archiva-docs/src/site/apt/release-notes.apt Tue Nov 30 03:41:31 2010
@@ -22,6 +22,12 @@ Release Notes for Archiva 1.3.2
<<<wrapper.conf>>>, please update it for compatibility with the version distributed
with the current release.
+* Security Vulnerabilities
+
+ * A CSRF security vulnerability fix is available in 1.3.2. It is important that users using lower versions of Archiva
+ upgrade to this version (or higher).
+
+
* New in Archiva 1.3
** Forced re-scan
@@ -43,8 +49,16 @@ Release Notes for Archiva 1.3.2
* Release Notes
- The Archiva 1.3.1 feature set can be seen in the {{{tour/index.html} feature tour}}.
-
+ The Archiva 1.3.2 feature set can be seen in the {{{tour/index.html} feature tour}}.
+
+* Changes in Archiva 1.3.2
+
+ Released: <<29 November 2010>>
+
+** Bug
+
+ * [MRM-1438] - CSRF vulnerability - Archiva doesn't check which form sends credentials
+
* Changes in Archiva 1.3.1
Released: <<11 June 2010>>