Author: hlship
Date: Mon Apr 19 13:57:33 2010
New Revision: 935572
URL: http://svn.apache.org/viewvc?rev=935572&view=rev
Log:
Revise the upgrade notes, as WhitelistAuthorizer, etc., were introduced in 5.2.
Modified:
tapestry/tapestry5/trunk/src/site/apt/upgrade.apt
Modified: tapestry/tapestry5/trunk/src/site/apt/upgrade.apt
URL:
http://svn.apache.org/viewvc/tapestry/tapestry5/trunk/src/site/apt/upgrade.apt?rev=935572&r1=935571&r2=935572&view=diff
==============================================================================
--- tapestry/tapestry5/trunk/src/site/apt/upgrade.apt (original)
+++ tapestry/tapestry5/trunk/src/site/apt/upgrade.apt Mon Apr 19 13:57:33 2010
@@ -16,17 +16,13 @@ Release 5.2.0
* Assets
- There have been some changes to how assets operate in Tapestry 5.2. The
previous mechanism
- for marking assets as public (exposed to the client user agent), introduced
in Tapestry 5.1,
- have been removed in 5.2. The corresponding services (WhitelistAuthorizer,
RegexAuthorizer)
- have been deleted outright; you may need to modify your application module
to no longer make
- contributions to these services.
+ There have been some changes to how assets operate in Tapestry 5.2.
Virtual folders, used to define root packages for component libraries, may
no longer
- contain slashes. The same goes for LibraryMappings.
+ contain slashes. Virtual folders are the pathPrefix property of the
LibraryMapping objects
+ that are contributed to the ComponentClassResolver service.
- Each LibraryMapping contributed to the ComponentClassResolver service
- is now automatically converted into a matching contribution to
+ Each LibraryMapping is now automatically converted into a matching
contribution to
the ClasspathAssetAliasManager service. Previously a library author was
encouraged
to make contributions to both services. The path prefix of a LibraryMapping
is also
now prohibited from containing the slash character.
@@ -54,14 +50,6 @@ Release 5.2.0
now works in terms of adding new fields, initializing those fields using
callbacks, providing callbacks for access
to fields, and adding advice to methods.
-* Asset Security
-
- Tapestry now includes a new mechanism for ensuring the security of
server-side assets, addressing a bug
- that allowed a malicious user to search and download any file on the
classpath. The new approach
- is more secure, but is based on explicitly extending access; some existing
frameworks (created to
- be compatible with Tapestry 5.1) will need additional configuration to
extend access to their
- assets. See the {{{guide/assets.html}notes on securing Assets}}.
-
* Template Parser back to SAX
Tapestry no longer uses a StAX parser (it uses a normal SAX parser) to parse
component templates. This change
