summaryrefslogtreecommitdiffstats
path: root/archiva-docs/src/site/apt/release-notes.apt
diff options
context:
space:
mode:
authorBrett Porter <brett@apache.org>2011-04-12 07:16:34 +0000
committerBrett Porter <brett@apache.org>2011-04-12 07:16:34 +0000
commit58d905941b9522e830c6e13b3a850b5cc637679e (patch)
treeefc91986ae30bd13aed14aba23b77daaa8096cc0 /archiva-docs/src/site/apt/release-notes.apt
parent76289acb8d77d6bd543d2d5fe4a109e40e1c0f73 (diff)
downloadarchiva-58d905941b9522e830c6e13b3a850b5cc637679e.tar.gz
archiva-58d905941b9522e830c6e13b3a850b5cc637679e.zip
[MRM-1480]/[REDBACK-274] (CVE-2011-1026)
o upgrade to redback 1.2.8-SNAPSHOT o configured struts2's token interceptor + use of <s:token> in affected actions to prevent CSRF issue [MRM-1460] added selenium tests for CSRF fixes in affected pages Merged: r1066067:1091313 git-svn-id: https://svn.apache.org/repos/asf/archiva/trunk@1091315 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'archiva-docs/src/site/apt/release-notes.apt')
-rw-r--r--archiva-docs/src/site/apt/release-notes.apt30
1 files changed, 30 insertions, 0 deletions
diff --git a/archiva-docs/src/site/apt/release-notes.apt b/archiva-docs/src/site/apt/release-notes.apt
index 03784f274..e0fe6d570 100644
--- a/archiva-docs/src/site/apt/release-notes.apt
+++ b/archiva-docs/src/site/apt/release-notes.apt
@@ -19,6 +19,26 @@ Release Notes for Archiva 1.4
~~TODO
+* Compatibility Changes
+
+ * If upgrading from versions of Archiva earlier than 1.2.2, the list of libraries
+ in <<<wrapper.conf>>> has changed. If you have customized your copy of
+ <<<wrapper.conf>>>, please update it for compatibility with the version distributed
+ with the current release.
+
+* Security Vulnerabilities
+
+ * A CSRF security vulnerability (CVE-2010-3449) is present in 1.3.2 and earlier.
+
+ * An XSS security vulnerability (CVE-2011-0533) is present in 1.3.3 and earlier.
+
+ * Additional CSRF (CVE-2011-1026) and XSS security (CVE-2011-1077) vulnerabilities have been reported against 1.3.4
+ and earlier versions.
+
+ It is important that users using lower versions of Archiva upgrade to this version (or higher).
+
+ See {{{http://archiva.apache.org/security.html} Archiva Security}} for more details.
+
* Release Notes
The Archiva 1.4 feature set can be seen in the {{{tour/index.html} feature tour}}.
@@ -29,6 +49,16 @@ Release Notes for Archiva 1.4
~~TODO
+Previous Releases
+
+* Changes in Archiva 1.3.5
+
+ Released: <<14 March 2011>>
+
+** Task
+
+ * [MRM-1460] - Upgrade Archiva to Redback 1.2.7
+
* Changes in Archiva 1.3.4
Released: <<9 February 2011>>