On Fri, Aug 15, 2014 at 9:53 AM, Alexander Shorin <kxe...@gmail.com> wrote:
> On Fri, Aug 15, 2014 at 12:49 AM, Robert Kowalski <r...@kowalski.gd> wrote: > > I might be wrong, I think that according to semver this would raise the > > version number to 1.7 , http://semver.org/ says: "Given a version number > > MAJOR.MINOR.PATCH, increment the: [...] MINOR version when you add > > functionality in a backwards-compatible manner." > > From commit message: > > https://github.com/apache/couchdb/commit/3bcf664b2f46750bf64bf970da07f9b133f98047 > > > Add Experimental Content-Security-Policy-Support (CSP) for Fauxton > > > >Like every web application, Fauxton is vulnerable against XSS and > > CSP is a technology that tries to help against that. > > > >The patch makes it possible to enable CSP for the /_utils path and > > allows configuration of the sent header. > > > > The default setting for the value of the header breaks the old > > Futon, when CSP is enabled there. The old Futon has alot of > > inline-JavaScript which is not allowed in the setting I have > > chosen as default. > > So while this is an experimental feature made for another experimental > feature, it's still a new feature which brings a new functionality > which is able to break behavior of existed one (Futon). Minor version > bump is required. > > How about move it for 1.7 release? > +1 to go for 1.7 instead. Also are the changes documented in our doc? - benoit
