author | Jonatan Kronqvist <jonatan.kronqvist@itmill.com> | 2011-09-28 10:42:22 +0000 |
---|---|---|
committer | Jonatan Kronqvist <jonatan.kronqvist@itmill.com> | 2011-09-28 10:42:22 +0000 |
commit | 95b32ab60e99e16db5bb6911ce102ea77fc0d57b (patch) | |
tree | 38abd918044a005da9950ad9b97ec8cdd4735720 | |
parent | 950dd5491f40fcb1f99112d7e2cb66ab4c4a5554 (diff) | |
download | vaadin-framework-95b32ab60e99e16db5bb6911ce102ea77fc0d57b.tar.gz vaadin-framework-95b32ab60e99e16db5bb6911ce102ea77fc0d57b.zip |
Updated release notes for 6.6.7
svn changeset:21407/svn branch:6.6
-rw-r--r-- | WebContent/release-notes.html | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/WebContent/release-notes.html b/WebContent/release-notes.html index 9f11093091..a65b8459fb 100644 --- a/WebContent/release-notes.html +++ b/WebContent/release-notes.html @@ -57,6 +57,14 @@ widget sets and refresh your project in Eclipse. If you are upgrading from package). See <a href="#upgrading">General Upgrade Instructions</a> for more details on upgrading.</p> <!-- ====================================================================== --> +<h3>Security fixes in Vaadin Framework 6.6.7</h3> +<ul> + <li><a href="http://dev.vaadin.com/ticket/7669">#7669</a> CSRF/XSS vulnerability through separator injection</li> + <li><a href="http://dev.vaadin.com/ticket/7670">#7670</a> Directory traversal vulnerability</li> + <li><a href="http://dev.vaadin.com/ticket/7671">#7671</a> Contributory XSS: Possibility to inject HTML/JavaScript in system error messages</li> + <li><a href="http://dev.vaadin.com/ticket/7672">#7672</a> Contributory XSS: possibility for injection in certain components</li> +</ul> + <h3>Enhancements in Vaadin Framework 6.6</h3> <p>General enhancements:</p> 
@@ -100,6 +108,25 @@ package). See <a href="#upgrading">General Upgrade Instructions</a> for more det <li>Server communication methods in <b>ApplicationConnection</b> can now be overridden (<a href="http://dev.vaadin.com/ticket/6885">#6885</a>)</li> </ul> +<h3>Fixes in Vaadin @version@</h3> + <p> + #7669 CSRF/XSS vulnerability through separator injection + #7670 Directory traversal vulnerability through AbstractApplicationServlet.serveStaticResourcesInVAADIN() + #7671 Contributory XSS: Possibility to inject HTML/javascript in system error messages + #7541 Table.setColumnCollapsed("id",true) will cleared PropertyDataSource for any fields in table item properties + #7672 Contributory XSS: possibility for injection in certain components + #3125 Portlet size is not updated when window is resized + #6420 Solution for menu too long. + #7560 ComboBox: Writing the name of a new item and clicking on drop down menu works inconsistently. + #7653 Update screenshots for Safari 5.1 + #7654 Update screenshots for Safari 5.1 + </p> + <p> + The <a + href="http://dev.vaadin.com/query?status=closed&type=defect&milestone=Vaadin+6.7.0.rc1&or&status=closed&type=defect&milestone=Vaadin+6.7.0.beta1&group=status&col=id&col=summary&col=owner&col=type&col=priority&col=component&col=version&order=priority">full + details of the defects</a> can be found at dev.vaadin.com. + </p> + <h3>Backward-Incompatible Changes in Vaadin Framework 6.6</h3> <ul> |
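Review bot: the #7670 entry in the new "Security fixes in Vaadin Framework 6.6.7" list (first hunk, @@ -57,6 +57,14 @@) reads only "Directory traversal vulnerability", while the same ticket in the second hunk names AbstractApplicationServlet.serveStaticResourcesInVAADIN() as the affected method. The security list is the part readers will use to decide whether they are affected, so carry the method name there as well. The two lists also disagree on wording for #7671 ("HTML/JavaScript" here, "HTML/javascript" below) and on capitalisation after "Contributory XSS:" between #7671 and #7672; pick one form for each.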
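Review bot: the "full details of the defects" link at the end of the second hunk (@@ -100,6 +108,25 @@) queries `milestone=Vaadin+6.7.0.rc1` and `milestone=Vaadin+6.7.0.beta1`, but the commit message and the heading added in the first hunk say these notes are for 6.6.7 on the 6.6 branch. Point the query at the milestone for this release, or confirm that the 6.7.0 milestones are intended. The ticket entries above the link are bare lines inside a single `<p>`, so a browser will collapse them into one run of text; a `<ul>` with one linked `<li>` per ticket, as in the first hunk, would match the rest of the file. The `&` separators inside the `href` value should be written as `&amp;`.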