deweese 2004/02/24 02:48:13
Modified: xdocs index.xml security.xml
Log:
Doc updates
Revision Changes Path
1.54 +18 -13 xml-batik/xdocs/index.xml
Index: index.xml
===================================================================
RCS file: /home/cvs/xml-batik/xdocs/index.xml,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -r1.53 -r1.54
--- index.xml 20 Feb 2004 16:34:52 -0000 1.53
+++ index.xml 24 Feb 2004 10:48:13 -0000 1.54
@@ -36,24 +36,13 @@
generation or manipulation.
</p>
<ul>
+ <li><link href="#SecurityWarning">Script Security Warning</link></li>
<li><link href="#BatikApplications">Applications of Batik</link></li>
<li><link href="#SVGSpecification">The SVG Specification</link></li>
<li><link href="#BatikStatus">What is Batik's Implementation
Status?</link></li>
<li><link href="#DownloadBatik">Downloading the Batik
distribution (source and binary)</link></li>
<li><link href="#projectAndProductExamples">Examples of projects and
products using Batik</link></li>
</ul>
- <p>
- This is a warning that a security issue was reported in the
- Batik Squiggle browser. Squiggle uses the Rhino scripting
- engine and some features of that engine can be leveraged by
- malicious scripts to gain access to otherwise protected
- resources (like the file system).
-
- The Batik team has worked with the Rhino team to fix the isssue
- that was reported and the Batik 1.5.1 patch release addresses
- the issue:
- </p>
-
<p>
The project's ambition is to give developers a set of
<link href="architecture.html#coreComponents">core
@@ -74,6 +63,22 @@
</p>
</s1>
+
+ <anchor id="SecurityWarning" />
+ <s1 title="Script Security Warning">
+ <p>
+ This is a warning that a script security issue was reported in
+ the Batik Squiggle browser. Squiggle uses the Rhino scripting
+ engine and some features of that engine can be leveraged by
+ malicious scripts to gain access to otherwise protected
+ resources (like the file system).
+ </p>
+ <p>
+ The Batik team has worked with the Rhino team to fix the isssue
+ that was reported and the <link
href="http://www.apache.org/dyn/closer.cgi/xml/batik";>Batik 1.5.1</link>
+ patch release addresses the issue.
+ </p>
+ </s1>
<anchor id="BatikApplications" />
<s1 title="Applications of Batik">
1.4 +9 -2 xml-batik/xdocs/security.xml
Index: security.xml
===================================================================
RCS file: /home/cvs/xml-batik/xdocs/security.xml,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- security.xml 22 Jan 2004 01:49:58 -0000 1.3
+++ security.xml 24 Feb 2004 10:48:13 -0000 1.4
@@ -26,7 +26,14 @@
<p>
With the addition of scripting support in Batik 1.5, security features
have also been added to enable users of the Batik toolkit to run
- scripts in a secure manner. There are two major security features in Batik:
+ scripts in a secure manner.</p>
+ <p>
+ If you are using scripts, please make sure you have reviewed the
+ <link href="index.html#SecurityWarning">Script Security
+ Warning</link> with regards to the Batik 1.5 release.
+ </p>
+ <p>
+ There are two major script security features in Batik:
</p>
<ul>
<li><link href="#sandBox">Script execution</link></li>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
