You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by or...@apache.org on 2016/05/27 15:43:32 UTC

qpid-site git commit: Update release notes for Qpid Java 6.0.3

Repository: qpid-site
Updated Branches:
  refs/heads/asf-site 2069e43da -> fa6be03d2


Update release notes for Qpid Java 6.0.3


Project: http://git-wip-us.apache.org/repos/asf/qpid-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-site/commit/fa6be03d
Tree: http://git-wip-us.apache.org/repos/asf/qpid-site/tree/fa6be03d
Diff: http://git-wip-us.apache.org/repos/asf/qpid-site/diff/fa6be03d

Branch: refs/heads/asf-site
Commit: fa6be03d2f1786818c94b7e390f7ac279eddd4ff
Parents: 2069e43
Author: Alex Rudyy <or...@apache.org>
Authored: Fri May 27 16:42:10 2016 +0100
Committer: Alex Rudyy <or...@apache.org>
Committed: Fri May 27 16:42:10 2016 +0100

----------------------------------------------------------------------
 content/releases/qpid-java-6.0.3/release-notes.html | 6 ++++--
 input/releases/qpid-java-6.0.3/release-notes.md     | 8 +++++---
 2 files changed, 9 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-site/blob/fa6be03d/content/releases/qpid-java-6.0.3/release-notes.html
----------------------------------------------------------------------
diff --git a/content/releases/qpid-java-6.0.3/release-notes.html b/content/releases/qpid-java-6.0.3/release-notes.html
index f772cc3..83dda93 100644
--- a/content/releases/qpid-java-6.0.3/release-notes.html
+++ b/content/releases/qpid-java-6.0.3/release-notes.html
@@ -120,6 +120,8 @@ https://github.com/apache/qpid-proton/blob/go1{/dir}/{file}#L{line}"/>
 broker written in Java that stores, routes, and forwards messages
 using AMQP.</p>
 
+<p><strong>Note</strong>: This release addresses security vulnerabilities CVE-2016-3094 and CVE-2016-4432.</p>
+
 <p>For more information about this release, including download links and
 documentation, see the <a href="index.html">release overview</a>.</p>
 
@@ -131,7 +133,6 @@ documentation, see the <a href="index.html">release overview</a>.</p>
 <li><a href="https://issues.apache.org/jira/browse/QPID-7211">QPID-7211</a> - [Java Broker, WMC] Do not transfer inherited context variables</li>
 <li><a href="https://issues.apache.org/jira/browse/QPID-7216">QPID-7216</a> - [Java Broker, WMC] add new ManagedOperation to retrieve Connections less verbose</li>
 <li><a href="https://issues.apache.org/jira/browse/QPID-7255">QPID-7255</a> - Support delivery delay</li>
-<li><a href="https://issues.apache.org/jira/browse/QPID-7271">QPID-7271</a> - Improve exception handling for PlainSaslServer</li>
 </ul>
 
 <h2 id="bugs-fixed">Bugs fixed</h2>
@@ -142,11 +143,12 @@ documentation, see the <a href="index.html">release overview</a>.</p>
 <li><a href="https://issues.apache.org/jira/browse/QPID-7231">QPID-7231</a> - Example of REST call to invoke the Queue clear queue operation is incorrect</li>
 <li><a href="https://issues.apache.org/jira/browse/QPID-7237">QPID-7237</a> - Excessive threads creation when suspending/resuming flow</li>
 <li><a href="https://issues.apache.org/jira/browse/QPID-7253">QPID-7253</a> - [Java Client 0-10] Application allowed to create new JMS session whilst failover is in progress</li>
-<li><a href="https://issues.apache.org/jira/browse/QPID-7257">QPID-7257</a> - [Java Broker] Correct connection state logging</li>
+<li><a href="https://issues.apache.org/jira/browse/QPID-7257">QPID-7257</a> - [CVE-2016-4432] [Java Broker] Prevent possibility of by-passed authentication in AMQP 0-8..0-10 protocol implementations</li>
 <li><a href="https://issues.apache.org/jira/browse/QPID-7260">QPID-7260</a> - apache-release profile fails under JDK 1.8 due to javadoc errors</li>
 <li><a href="https://issues.apache.org/jira/browse/QPID-7267">QPID-7267</a> - [Java Broker] Content-Length header is set incorrectly when using compression</li>
 <li><a href="https://issues.apache.org/jira/browse/QPID-7268">QPID-7268</a> - message sent over 0-10 can't be received over 1.0</li>
 <li><a href="https://issues.apache.org/jira/browse/QPID-7269">QPID-7269</a> - broker issues disposition for delivery that is already settled</li>
+<li><a href="https://issues.apache.org/jira/browse/QPID-7271">QPID-7271</a> - [CVE-2016-3094] Prevent DoS from PlainSaslServer</li>
 </ul>
 
 <h2 id="tasks">Tasks</h2>

http://git-wip-us.apache.org/repos/asf/qpid-site/blob/fa6be03d/input/releases/qpid-java-6.0.3/release-notes.md
----------------------------------------------------------------------
diff --git a/input/releases/qpid-java-6.0.3/release-notes.md b/input/releases/qpid-java-6.0.3/release-notes.md
index 8f68fee..8e7c396 100644
--- a/input/releases/qpid-java-6.0.3/release-notes.md
+++ b/input/releases/qpid-java-6.0.3/release-notes.md
@@ -23,6 +23,8 @@ Qpid Java offers an AMQP-fluent implementation of JMS and a message
 broker written in Java that stores, routes, and forwards messages
 using AMQP.
 
+**Note**: This release addresses security vulnerabilities CVE-2016-3094 and CVE-2016-4432.
+
 For more information about this release, including download links and
 documentation, see the [release overview](index.html).
 
@@ -34,7 +36,6 @@ documentation, see the [release overview](index.html).
  - [QPID-7211](https://issues.apache.org/jira/browse/QPID-7211) - [Java Broker, WMC] Do not transfer inherited context variables
  - [QPID-7216](https://issues.apache.org/jira/browse/QPID-7216) - [Java Broker, WMC] add new ManagedOperation to retrieve Connections less verbose
  - [QPID-7255](https://issues.apache.org/jira/browse/QPID-7255) - Support delivery delay
- - [QPID-7271](https://issues.apache.org/jira/browse/QPID-7271) - Improve exception handling for PlainSaslServer
 
 ## Bugs fixed
 
@@ -43,13 +44,14 @@ documentation, see the [release overview](index.html).
  - [QPID-7231](https://issues.apache.org/jira/browse/QPID-7231) - Example of REST call to invoke the Queue clear queue operation is incorrect
  - [QPID-7237](https://issues.apache.org/jira/browse/QPID-7237) - Excessive threads creation when suspending/resuming flow
  - [QPID-7253](https://issues.apache.org/jira/browse/QPID-7253) - [Java Client 0-10] Application allowed to create new JMS session whilst failover is in progress
- - [QPID-7257](https://issues.apache.org/jira/browse/QPID-7257) - [Java Broker] Correct connection state logging
+ - [QPID-7257](https://issues.apache.org/jira/browse/QPID-7257) - [CVE-2016-4432] [Java Broker] Prevent possibility of by-passed authentication in AMQP 0-8..0-10 protocol implementations
  - [QPID-7260](https://issues.apache.org/jira/browse/QPID-7260) - apache-release profile fails under JDK 1.8 due to javadoc errors
  - [QPID-7267](https://issues.apache.org/jira/browse/QPID-7267) - [Java Broker] Content-Length header is set incorrectly when using compression
  - [QPID-7268](https://issues.apache.org/jira/browse/QPID-7268) - message sent over 0-10 can't be received over 1.0
  - [QPID-7269](https://issues.apache.org/jira/browse/QPID-7269) - broker issues disposition for delivery that is already settled
+ - [QPID-7271](https://issues.apache.org/jira/browse/QPID-7271) - [CVE-2016-3094] Prevent DoS from PlainSaslServer
 
 ## Tasks
 
  - [QPID-7265](https://issues.apache.org/jira/browse/QPID-7265) - migrate the AMQP 0-10 JMS client docs out of the old combined doc book.
- - [QPID-7266](https://issues.apache.org/jira/browse/QPID-7266) - RAT check fails on release archive due to generated file
\ No newline at end of file
+ - [QPID-7266](https://issues.apache.org/jira/browse/QPID-7266) - RAT check fails on release archive due to generated file


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org