I downloaded the packages and verified all of the sigs.
I installed from the tar.gz binary (only) from scratch without problem.

I'm +1 on release if you're comfortable that the XSS issues prompting the new RC were resolved by the fixes.

--a.


----- Original Message -----
From: "Dave" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Monday, April 02, 2007 8:16 PM
Subject: Re: VOTE: Release Apache Roller 3.1 RC7 fix release


Has anybody taken a look at RC7 yet?  If not, please do! We need to
get this release out. Please download it and at least do some quick
sanity tests like posting an entry and making a comment.

- Dave



On 3/23/07, Dave <[EMAIL PROTECTED]> wrote:
I incorporated the XSS fixes below into Roller 3.1, so now we have RC7

- WEB-INF/lib/roller-web.jar
 Now strips HTML from all incoming comment fields

- WEB-INF/velocity/weblog.vm
 Now HTML-escapes all comment-form fields before display

- WEB-INF/jsps/authoring/CommentManagement.jsp
 Now HTML-escapes all comment-form fields before display

- WEB-INF/jsps/tiles/head.jsp
 Eliminated the "look" request parameter, which was for debugging only

- roller-ui/widgets/date.jsp
 Now HTML-escapes value field of date widget


RC change list is here:
http://cwiki.apache.org/confluence/display/ROLLER/Testing+Roller+3.1

Release files are here:
http://people.apache.org/~snoopdave/apache-roller-3.1/

Please download, do some sanity testing and vote.

- Dave


