From 23998262593f6da23d4e7e7665c3cff8858f2975 Mon Sep 17 00:00:00 2001
From: "Maria Odea B. Ching" <oching@apache.org>
Date: Tue, 30 Nov 2010 03:41:31 +0000
Subject: [PATCH] updated release notes

git-svn-id: https://svn.apache.org/repos/asf/archiva/tags/archiva-1.3.2@1040400 13f79535-47bb-0310-9956-ffa450edef68
---
 archiva-docs/src/site/apt/release-notes.apt | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/archiva-docs/src/site/apt/release-notes.apt b/archiva-docs/src/site/apt/release-notes.apt
index dcaef38e3..24298e519 100644
--- a/archiva-docs/src/site/apt/release-notes.apt
+++ b/archiva-docs/src/site/apt/release-notes.apt
@@ -22,6 +22,12 @@ Release Notes for Archiva 1.3.2
     <<<wrapper.conf>>>, please update it for compatibility with the version distributed
     with the current release.
 
+* Security Vulnerabilities
+
+  * A CSRF security vulnerability fix is available in 1.3.2. It is important that users using lower versions of Archiva 
+    upgrade to this version (or higher).
+
+
 * New in Archiva 1.3
 
 ** Forced re-scan
@@ -43,8 +49,16 @@ Release Notes for Archiva 1.3.2
 
 * Release Notes
 
-  The Archiva 1.3.1 feature set can be seen in the {{{tour/index.html} feature tour}}.
-  
+  The Archiva 1.3.2 feature set can be seen in the {{{tour/index.html} feature tour}}.
+
+* Changes in Archiva 1.3.2
+
+  Released: <<29 November 2010>>
+
+** Bug
+
+    * [MRM-1438] - CSRF vulnerability - Archiva doesn't check which form sends credentials
+
 * Changes in Archiva 1.3.1
 
   Released: <<11 June 2010>>
-- 
2.39.5