You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by dj...@apache.org on 2013/07/30 16:45:43 UTC
[1/5] git commit: updated refs/heads/master to a183999
Updated Branches:
refs/heads/master 3acb7815a -> a18399980
Add 1.2.1 changes to docs changelog.
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/749ddd82
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/749ddd82
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/749ddd82
Branch: refs/heads/master
Commit: 749ddd824cd6b1ab208486ba83c89b1157e45e86
Parents: 3acb781
Author: Dirkjan Ochtman <dj...@apache.org>
Authored: Tue Jul 30 16:33:00 2013 +0200
Committer: Dirkjan Ochtman <dj...@apache.org>
Committed: Tue Jul 30 16:33:00 2013 +0200
----------------------------------------------------------------------
share/doc/src/changelog.rst | 42 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/749ddd82/share/doc/src/changelog.rst
----------------------------------------------------------------------
diff --git a/share/doc/src/changelog.rst b/share/doc/src/changelog.rst
index e9afaad..afd447d 100644
--- a/share/doc/src/changelog.rst
+++ b/share/doc/src/changelog.rst
@@ -338,6 +338,48 @@ Compression can be disabled by setting ``compression = none`` in your
``local.ini`` ``[couchdb]`` section, but the on-disk format will still be
upgraded.
+Version 1.2.1
+-------------
+
+Security
+^^^^^^^^
+
+* Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped
+ backslashes in URLs on Windows
+* Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with Adobe
+ Flash
+* Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon
+ UI
+
+HTTP Interface
+^^^^^^^^^^^^^^
+
+* No longer rewrites the X-CouchDB-Requested-Path during recursive
+ calls to the rewriter.
+* Limit recursion depth in the URL rewriter. Defaults to a maximum
+ of 100 invocations but is configurable.
+
+Build System
+^^^^^^^^^^^^
+
+* Fix couchdb start script.
+* Win: fix linker invocations.
+
+Futon
+^^^^^
+
+* Disable buttons that aren't available for the logged-in user.
+
+Replication
+^^^^^^^^^^^
+
+* Fix potential timeouts.
+
+View System
+^^^^^^^^^^^
+
+* Change use of signals to avoid broken view groups.
+
Version 1.2.0
-------------
[3/5] git commit: updated refs/heads/master to a183999
Posted by dj...@apache.org.
Add 1.0.4 changes to docs changelog.
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/af2eb0ce
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/af2eb0ce
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/af2eb0ce
Branch: refs/heads/master
Commit: af2eb0ce3ee50515e1d218cdebc79d1c4f5a85fb
Parents: e8cf5f1
Author: Dirkjan Ochtman <dj...@apache.org>
Authored: Tue Jul 30 16:38:06 2013 +0200
Committer: Dirkjan Ochtman <dj...@apache.org>
Committed: Tue Jul 30 16:38:06 2013 +0200
----------------------------------------------------------------------
share/doc/src/changelog.rst | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/af2eb0ce/share/doc/src/changelog.rst
----------------------------------------------------------------------
diff --git a/share/doc/src/changelog.rst b/share/doc/src/changelog.rst
index 4b2dee8..0ba4ad0 100644
--- a/share/doc/src/changelog.rst
+++ b/share/doc/src/changelog.rst
@@ -636,6 +636,40 @@ View Server
:depth: 1
:local:
+Version 1.0.4
+-------------
+
+Security
+^^^^^^^^
+
+* Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped
+ backslashes in URLs on Windows.
+* Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with
+ Adobe Flash.
+* Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon
+ UI.
+
+Log System
+^^^^^^^^^^
+
+* Fix file descriptor leak in `_log`.
+
+HTTP Interface
+^^^^^^^^^^^^^^
+
+* Fix missing revisions in `_changes?style=all_docs`.
+* Fix validation of attachment names.
+
+View System
+^^^^^^^^^^^
+
+* Avoid invalidating view indexes when running out of file descriptors.
+
+Replicator
+^^^^^^^^^^
+
+* Fix a race condition where replications can go stale.
+
Version 1.0.3
-------------
[2/5] git commit: updated refs/heads/master to a183999
Posted by dj...@apache.org.
Add 1.1.2 changes to docs changelog.
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/e8cf5f14
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/e8cf5f14
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/e8cf5f14
Branch: refs/heads/master
Commit: e8cf5f142b76ecec01e807dbb749f6875e358f57
Parents: 749ddd8
Author: Dirkjan Ochtman <dj...@apache.org>
Authored: Tue Jul 30 16:36:13 2013 +0200
Committer: Dirkjan Ochtman <dj...@apache.org>
Committed: Tue Jul 30 16:36:13 2013 +0200
----------------------------------------------------------------------
share/doc/src/changelog.rst | 45 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/e8cf5f14/share/doc/src/changelog.rst
----------------------------------------------------------------------
diff --git a/share/doc/src/changelog.rst b/share/doc/src/changelog.rst
index afd447d..4b2dee8 100644
--- a/share/doc/src/changelog.rst
+++ b/share/doc/src/changelog.rst
@@ -492,6 +492,51 @@ OAuth
:depth: 1
:local:
+Version 1.1.2
+-------------
+
+Security
+^^^^^^^^
+
+* Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped
+ backslashes in URLs on Windows.
+* Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with
+ Adobe Flash.
+* Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon
+ UI.
+
+HTTP Interface
+^^^^^^^^^^^^^^
+
+* ETag of attachment changes only when the attachment changes, not
+ the document.
+* Fix retrieval of headers larger than 4k.
+* Allow OPTIONS HTTP method for list requests.
+* Don't attempt to encode invalid json.
+
+Replicator
+^^^^^^^^^^
+
+* Fix pull replication of documents with many revisions.
+* Fix replication from an HTTP source to an HTTP target.
+
+View Server
+^^^^^^^^^^^
+
+* Avoid invalidating view indexes when running out of file descriptors.
+
+Log System
+^^^^^^^^^^
+
+* Improvements to log messages for file-related errors.
+
+Build System
+^^^^^^^^^^^^
+
+* Don't `ln` the `couchjs` install target on Windows
+* Remove ICU version dependency on Windows.
+* Improve SpiderMonkey version detection.
+
Version 1.1.1
-------------
[4/5] git commit: updated refs/heads/master to a183999
Posted by dj...@apache.org.
Add security section to 1.0.2 changelog.
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/f03bfb49
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/f03bfb49
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/f03bfb49
Branch: refs/heads/master
Commit: f03bfb496e49136c3a2c26af689fb9829bd3361f
Parents: af2eb0c
Author: Dirkjan Ochtman <dj...@apache.org>
Authored: Tue Jul 30 16:39:48 2013 +0200
Committer: Dirkjan Ochtman <dj...@apache.org>
Committed: Tue Jul 30 16:39:48 2013 +0200
----------------------------------------------------------------------
share/doc/src/changelog.rst | 5 +++++
1 file changed, 5 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/f03bfb49/share/doc/src/changelog.rst
----------------------------------------------------------------------
diff --git a/share/doc/src/changelog.rst b/share/doc/src/changelog.rst
index 0ba4ad0..e30edf1 100644
--- a/share/doc/src/changelog.rst
+++ b/share/doc/src/changelog.rst
@@ -728,6 +728,11 @@ Windows
Version 1.0.2
-------------
+Security
+^^^^^^^^
+
+* Fixed CVE-2010-3854: Apache CouchDB Cross Site Scripting Issue.
+
Futon
^^^^^
[5/5] git commit: updated refs/heads/master to a183999
Posted by dj...@apache.org.
Mention CVE in 0.11.2 changelog.
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/a1839998
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/a1839998
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/a1839998
Branch: refs/heads/master
Commit: a18399980c7d293c3ac15350c1c9b0e1071d0b96
Parents: f03bfb4
Author: Dirkjan Ochtman <dj...@apache.org>
Authored: Tue Jul 30 16:42:24 2013 +0200
Committer: Dirkjan Ochtman <dj...@apache.org>
Committed: Tue Jul 30 16:42:24 2013 +0200
----------------------------------------------------------------------
share/doc/src/changelog.rst | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/a1839998/share/doc/src/changelog.rst
----------------------------------------------------------------------
diff --git a/share/doc/src/changelog.rst b/share/doc/src/changelog.rst
index e30edf1..f83eaca 100644
--- a/share/doc/src/changelog.rst
+++ b/share/doc/src/changelog.rst
@@ -799,6 +799,11 @@ View Server
Version 1.0.1
-------------
+Security
+^^^^^^^^
+
+* Fixed CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack.
+
Authentication
^^^^^^^^^^^^^^
@@ -870,6 +875,12 @@ View Server
Version 0.11.2
--------------
+Security
+^^^^^^^^
+
+* Fixed CVE-2010-2234: Apache CouchDB Cross Site Request Forgery Attack.
+* Avoid potential DOS attack by guarding all creation of atoms.
+
Authentication
^^^^^^^^^^^^^^
@@ -893,11 +904,6 @@ Replicator
* Fix bug when pulling design documents from a source that requires
basic-auth.
-Security
-^^^^^^^^
-
-* Avoid potential DOS attack by guarding all creation of atoms.
-
Version 0.11.1
--------------