You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by ja...@apache.org on 2013/06/18 16:32:31 UTC
[12/41] git commit: updated refs/heads/1832-fix-empty-attachment-name
to ad774b6
Correcting NEWS and CHANGES discrepancies
Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/22ea84e2
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/22ea84e2
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/22ea84e2
Branch: refs/heads/1832-fix-empty-attachment-name
Commit: 22ea84e2c17af7b70b9f6ba861f94b726aff8278
Parents: 891f162
Author: Noah Slater <ns...@apache.org>
Authored: Wed Feb 27 19:21:05 2013 +0000
Committer: Noah Slater <ns...@apache.org>
Committed: Wed Feb 27 19:21:05 2013 +0000
----------------------------------------------------------------------
NEWS | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb/blob/22ea84e2/NEWS
----------------------------------------------------------------------
diff --git a/NEWS b/NEWS
index bb7e4a7..625862e 100644
--- a/NEWS
+++ b/NEWS
@@ -74,6 +74,26 @@ This release contains backwards incompatible changes.
* Log correct stacktrace in all cases.
* Improvements to log messages for file-related errors.
+Version 1.1.2
+-------------
+
+* Fixed CVE-2012-5641: Apache CouchDB Information disclosure via unescaped
+ backslashes in URLs on Windows
+* Fixed CVE-2012-5649: Apache CouchDB JSONP arbitrary code execution with Adobe
+ Flash
+* Fixed CVE-2012-5650: Apache CouchDB DOM based Cross-Site Scripting via Futon
+ UI
+* ETag of attachment changes only when the attachment changes, not
+ the document.
+* Fix pull replication of documents with many revisions.
+* Fix replication with an HTTP source and target
+* Avoid invalidating view indexes when running out of file descriptors.
+* Improvements to log messages for file-related errors.
+* Fix retrieval of headers larger than 4k.
+* Allow OPTIONS HTTP method for list requests.
+* Don't attempt to encode invalid json.
+* Improve SpiderMonkey version detection.
+
Version 1.1.1
-------------