Author: oching
Date: Tue Nov 30 03:41:31 2010
New Revision: 1040400
URL: http://svn.apache.org/viewvc?rev=1040400&view=rev
Log:
updated release notes
Modified:
archiva/tags/archiva-1.3.2/archiva-docs/src/site/apt/release-notes.apt
Modified: archiva/tags/archiva-1.3.2/archiva-docs/src/site/apt/release-notes.apt
URL:
http://svn.apache.org/viewvc/archiva/tags/archiva-1.3.2/archiva-docs/src/site/apt/release-notes.apt?rev=1040400&r1=1040399&r2=1040400&view=diff
==============================================================================
--- archiva/tags/archiva-1.3.2/archiva-docs/src/site/apt/release-notes.apt
(original)
+++ archiva/tags/archiva-1.3.2/archiva-docs/src/site/apt/release-notes.apt Tue
Nov 30 03:41:31 2010
@@ -22,6 +22,12 @@ Release Notes for Archiva 1.3.2
<<<wrapper.conf>>>, please update it for compatibility with the version
distributed
with the current release.
+* Security Vulnerabilities
+
+ * A CSRF security vulnerability fix is available in 1.3.2. It is important
that users using lower versions of Archiva
+ upgrade to this version (or higher).
+
+
* New in Archiva 1.3
** Forced re-scan
@@ -43,8 +49,16 @@ Release Notes for Archiva 1.3.2
* Release Notes
- The Archiva 1.3.1 feature set can be seen in the {{{tour/index.html} feature
tour}}.
-
+ The Archiva 1.3.2 feature set can be seen in the {{{tour/index.html} feature
tour}}.
+
+* Changes in Archiva 1.3.2
+
+ Released: <<29 November 2010>>
+
+** Bug
+
+ * [MRM-1438] - CSRF vulnerability - Archiva doesn't check which form sends
credentials
+
* Changes in Archiva 1.3.1
Released: <<11 June 2010>>
