author | Brett Porter <brett@apache.org> | 2011-04-12 07:16:34 +0000 |
---|---|---|
committer | Brett Porter <brett@apache.org> | 2011-04-12 07:16:34 +0000 |
commit | 58d905941b9522e830c6e13b3a850b5cc637679e (patch) | |
tree | efc91986ae30bd13aed14aba23b77daaa8096cc0 /archiva-docs/src/site/apt/release-notes.apt | |
parent | 76289acb8d77d6bd543d2d5fe4a109e40e1c0f73 (diff) | |
download | archiva-58d905941b9522e830c6e13b3a850b5cc637679e.tar.gz archiva-58d905941b9522e830c6e13b3a850b5cc637679e.zip |
[MRM-1480]/[REDBACK-274] (CVE-2011-1026)
o upgrade to redback 1.2.8-SNAPSHOT
o configured struts2's token interceptor + use of <s:token> in affected actions to prevent CSRF issue
[MRM-1460] added selenium tests for CSRF fixes in affected pages
Merged: r1066067:1091313
git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@1091315 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'archiva-docs/src/site/apt/release-notes.apt')
-rw-r--r-- | archiva-docs/src/site/apt/release-notes.apt | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/archiva-docs/src/site/apt/release-notes.apt b/archiva-docs/src/site/apt/release-notes.apt index 03784f274..e0fe6d570 100644 --- a/archiva-docs/src/site/apt/release-notes.apt +++ b/archiva-docs/src/site/apt/release-notes.apt @@ -19,6 +19,26 @@ Release Notes for Archiva 1.4 ~~TODO +* Compatibility Changes + + * If upgrading from versions of Archiva earlier than 1.2.2, the list of libraries + in <<<wrapper.conf>>> has changed. If you have customized your copy of + <<<wrapper.conf>>>, please update it for compatibility with the version distributed + with the current release. + +* Security Vulnerabilities + + * A CSRF security vulnerability (CVE-2010-3449) is present in 1.3.2 and earlier. + + * An XSS security vulnerability (CVE-2011-0533) is present in 1.3.3 and earlier. + + * Additional CSRF (CVE-2011-1026) and XSS security (CVE-2011-1077) vulnerabilities have been reported against 1.3.4 + and earlier versions. + + It is important that users using lower versions of Archiva upgrade to this version (or higher). + + See {{{http://archiva.apache.org/security.html} Archiva Security}} for more details. + * Release Notes The Archiva 1.4 feature set can be seen in the {{{tour/index.html} feature tour}}. @@ -29,6 +49,16 @@ Release Notes for Archiva 1.4 ~~TODO +Previous Releases + +* Changes in Archiva 1.3.5 + + Released: <<14 March 2011>> + +** Task + + * [MRM-1460] - Upgrade Archiva to Redback 1.2.7 + * Changes in Archiva 1.3.4 Released: <<9 February 2011>> |
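Review bot: In the first hunk (@@ -19,6 +19,26 @@), the new "Security Vulnerabilities" list states where each issue is present but never names the release that fixes it, and "upgrade to this version (or higher)" does not say which version that is. An administrator reading these notes to decide whether an instance is exposed needs a fixed-in version for each CVE, so I would suggest adding it to every bullet and replacing "this version" with the explicit release number. The last bullet in particular ("have been reported against 1.3.4 and earlier versions") leaves it open whether CVE-2011-1026 and CVE-2011-1077 are resolved at all. The commit message mentions only CVE-2011-1026, so please confirm that the CVE-2011-1077 entry belongs in this change. Minor wording: "XSS security (CVE-2011-1077) vulnerabilities" reads better as "XSS (CVE-2011-1077) security vulnerabilities", matching the two bullets above it.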
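Review bot: In the second hunk (@@ -29,6 +49,16 @@), the 1.3.5 entry lists [MRM-1460] as "Upgrade Archiva to Redback 1.2.7", while this commit's message uses [MRM-1460] for the selenium CSRF tests and [MRM-1480]/[REDBACK-274] for the CVE-2011-1026 fix. Please check that the issue key in the release note is the intended one. The entry also gives no hint that 1.3.5 is security relevant, although the section added in the first hunk says 1.3.4 and earlier are affected. If the Redback upgrade is what addresses those reports, say so under "Changes in Archiva 1.3.5" and name the CVEs, so that the changelog and the vulnerability list agree.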