merge -c 1040400 from 1.3.2 tag

author Maria Odea B. Ching <oching@apache.org>

Tue, 30 Nov 2010 03:45:42 +0000 (03:45 +0000)

committer Maria Odea B. Ching <oching@apache.org>

Tue, 30 Nov 2010 03:45:42 +0000 (03:45 +0000)
author Maria Odea B. Ching <oching@apache.org>
Tue, 30 Nov 2010 03:45:42 +0000 (03:45 +0000)
committer Maria Odea B. Ching <oching@apache.org>
Tue, 30 Nov 2010 03:45:42 +0000 (03:45 +0000)
diff --git a/archiva-docs/src/site/apt/release-notes.apt b/archiva-docs/src/site/apt/release-notes.apt

index dcaef38e3826c98d864543358607df3d7ba29e3c..24298e519bdbcbc0756ab6645a8ea8288d8b3bbd 100644 (file)
--- a/archiva-docs/src/site/apt/release-notes.apt
+++ b/archiva-docs/src/site/apt/release-notes.apt
@@ -22,6 +22,12 @@ Release Notes for Archiva 1.3.2
      <<<wrapper.conf>>>, please update it for compatibility with the version distributed
      with the current release.
  
+* Security Vulnerabilities
+
+  * A CSRF security vulnerability fix is available in 1.3.2. It is important that users using lower versions of Archiva 
+    upgrade to this version (or higher).
+
+
  * New in Archiva 1.3
  
  ** Forced re-scan
@@ -43,8 +49,16 @@ Release Notes for Archiva 1.3.2
  
  * Release Notes
  
-  The Archiva 1.3.1 feature set can be seen in the {{{tour/index.html} feature tour}}.
-  
+  The Archiva 1.3.2 feature set can be seen in the {{{tour/index.html} feature tour}}.
+
+* Changes in Archiva 1.3.2
+
+  Released: <<29 November 2010>>
+
+** Bug
+
+    * [MRM-1438] - CSRF vulnerability - Archiva doesn't check which form sends credentials
+
  * Changes in Archiva 1.3.1
  
    Released: <<11 June 2010>>
author	Maria Odea B. Ching <oching@apache.org>
	Tue, 30 Nov 2010 03:45:42 +0000 (03:45 +0000)
committer	Maria Odea B. Ching <oching@apache.org>
	Tue, 30 Nov 2010 03:45:42 +0000 (03:45 +0000)