Stefano Mazzocchi wrote: ...
Anyway, I also fixed a number of security issues. Most notably:
1) uploaded files are saved on disk by default (and web.xml has been changed accordingly) as a temporary storage.
2) uploaded files saved on disk are removed right at the end of the request. This assumes that you will handle the uploaded files yourself and the upload-dir is only used as a temporary medium. [This might break back-compatibility on behavior, but I think it's a very sane thing to clean up after your own mess]
3) I added a new servlet configuration parameter that disables uploading completely. And defaults to off for security reasons.
4) I also changed 'allow-reload' to false as default.
+1 to changes. Minor comment: status.xml, changes.xml, src/documentation/xdocs/installing/updating.xml
You got me there :)
One question: what's up with this status.xml/changes.xml/todo.xml? Can we finally decide which one to use and adapt the doc-building system to it?
-- Stefano.