You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by ph...@apache.org on 2018/07/30 23:54:42 UTC
svn commit: r1837096 - /subversion/site/publish/docs/release-notes/1.10.html
Author: philip
Date: Mon Jul 30 23:54:42 2018
New Revision: 1837096
URL: http://svn.apache.org/viewvc?rev=1837096&view=rev
Log:
* publish/docs/release-notes/1.10.html
(#new-feature-compatibility-table): Link to #authz-compatibility.
(#authz-compatibility): New, describe authz compatibility concerns.
(#authzperf, #issue-svn-4762): Link to #authz-compatibility.
Modified:
subversion/site/publish/docs/release-notes/1.10.html
Modified: subversion/site/publish/docs/release-notes/1.10.html
URL: http://svn.apache.org/viewvc/subversion/site/publish/docs/release-notes/1.10.html?rev=1837096&r1=1837095&r2=1837096&view=diff
==============================================================================
--- subversion/site/publish/docs/release-notes/1.10.html (original)
+++ subversion/site/publish/docs/release-notes/1.10.html Mon Jul 30 23:54:42 2018
@@ -114,7 +114,7 @@ and what impact these changes may have.<
<td>any</td>
<td>1.10</td>
<td>any</td>
- <td>Existing authz configurations may need to be adjusted.</td></tr>
+ <td><a href="#authz-compatibility">Existing authz configurations</a> may need to be adjusted.</td></tr>
<tr>
<td>
<a href="#conflict-resolver">New interactive conflict resolver</a>
@@ -226,6 +226,66 @@ should refer to the
</div> <!-- this-release-is-1.10 -->
+<div class="h4" id="authz-compatibility">
+<h4>New path-based authorization compatibility
+ <a class="sectionlink" href="#authz-compatibility"
+ title="Link to this section">¶</a>
+</h4>
+
+<p>The <a href="#authzperf">impoved path-based authorization</a>
+ changes the behaviour of some existing authz files.</p>
+
+<p>The 1.9 and earlier implementations allowed multiple rules for the
+same path:</p>
+
+<pre>
+ [/some/path]
+ userA = r
+ [/some/path]
+ userB = rw
+</pre>
+
+<p>In 1.9 this would define access for both <tt>userA</tt>
+and <tt>userB</tt>, in 1.10 this raises an error and no access is
+possible.</p>
+
+<p>The 1.9 and earlier implementations allowed multiple entries
+matching the same name, alias or group and the last match applied:</p>
+
+<pre>
+ [/some/path]
+ user = rw
+ user = r
+ &alias = rw
+ &alias = r
+ @group = rw
+ @group = r
+</pre>
+
+<p>In 1.9 the final, read-only, match
+for <tt>user</tt>, <tt>&alias</tt> and <tt>@group</tt> would be
+selected while 1.10 combines all the lines to give read-write access.
+The 1.10 implementation may change in future 1.10.x releases, perhaps
+to make this case an error.</p>
+
+<p>The 1.9 implementation combined the global and per-repository rules
+for the same path:</p>
+
+<pre>
+ [/some/path]
+ userA = rw
+ [repository:/some/path]
+ userB = r
+</pre>
+
+<p>In 1.9 this would define access for both <tt>userA</tt>
+and <tt>userB</tt>, in 1.10 the per-repository rule override the
+global rule and this only defines access for <tt>userB</tt>. The 1.10
+implementation may change in future 1.10.x releases, but the exact
+change is still being discussed on the dev mailing list.</p>
+
+</div> <!-- authz-compatibility -->
+
<div class="h4" id="svnadmin-LOCK_PATH-canonical">
<h4><tt>svnadmin</tt> subcommands print locked paths differently
<a class="sectionlink" href="#svnadmin-LOCK_PATH-canonical"
@@ -309,7 +369,8 @@ In particular, the behaviour of builds <
title="Link to this section">¶</a>
</h3>
<p> Subversion 1.10 provides a new implementation of path-based authorization
- with improved performance and wildcard support.</p>
+ with improved performance and wildcard support. There are some
+ <a href="#authz-compatibility">compatibility</a> issues.</p>
<p>Existing authz rules come in two flavours, repository-specific and global:
<pre>
@@ -959,7 +1020,8 @@ tracker</a> for details and for other is
<a class="sectionlink" href="#issue-svn-4762"
title="Link to this section">¶</a>
</h3>
-<p>Broken in 1.10.0 and 1.10.1.</p>
+<p>Broken in 1.10.0 and 1.10.1. See also
+ <a href="#authz-compatibility">path-based authorization compatibility</a>.</p>
</div>
</div> <!-- issues -->