On Fri, 25 Feb 2005, Neal Richter wrote:
Hey all,
This think we should just call it a day on version 3.2 and release it. Any objections?
I think we should at least take a look at the current bug list and see if there is anything that deserves attention before going to 3.2. I know that there is at least one major bug in SSL handling. I provided a possible fix but never received any feedback. I also didn't receive any response when I asked about getting sufficient access to apply the patch and perhaps do some other project related housekeeping. Probably just bad timing; I know everyone is very busy.
I am also aware of an argument parsing bug in the external parser code that I tracked down when following up on a problem reported on the htdig-general list. I don't think this one ever made it to the bug list.
In addition we should really follow up on the cross-site scripting vulnerability that was recently reported for ht://Dig.
http://securitytracker.com/alerts/2005/Feb/1013078.html
Gentoo, Red Hat, and Debian have already released fixes, and I don't think it has even been discussed here aside from one message asking about the vulnerability on htdig-general.
Geoff: could you create a release tarball (and maybe create a document detailed how you generaly do this)
If there is existing documentation describing the process, or someone with a clue is willing to walk me through it, I would be willing to try taking over this task for future releases.
Jim
------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ ht://Dig Developer mailing list: [email protected] List information (subscribe/unsubscribe, etc.) https://lists.sourceforge.net/lists/listinfo/htdig-dev
