On 3/23/07, Anil Gangolli <[EMAIL PROTECTED]> wrote:
Dave: No signature files present for RC7. Couldn't verify.
I just uploaded the signature files.
I'm proceeding to test a clean install on my dev box.
Thanks Anil! - Dave
----- Original Message ----- From: "Dave" <[EMAIL PROTECTED]> To: <roller-dev@incubator.apache.org> Sent: Friday, March 23, 2007 7:31 AM Subject: VOTE: Release Apache Roller 3.1 RC7 fix release >I incorporated the XSS fixes below into Roller 3.1, so now we have RC7 > > - WEB-INF/lib/roller-web.jar > Now strips HTML from all incoming comment fields > > - WEB-INF/velocity/weblog.vm > Now HTML-escapes all comment-form fields before display > > - WEB-INF/jsps/authoring/CommentManagement.jsp > Now HTML-escapes all comment-form fields before display > > - WEB-INF/jsps/tiles/head.jsp > Eliminated the "look" request parameter, which was for debugging only > > - roller-ui/widgets/date.jsp > Now HTML-escapes value field of date widget > > > RC change list is here: > http://cwiki.apache.org/confluence/display/ROLLER/Testing+Roller+3.1 > > Release files are here: > http://people.apache.org/~snoopdave/apache-roller-3.1/ > > Please download, do some sanity testing and vote. > > - Dave >
