svn commit: r1746064 - in /axis/axis2/java/core/branches/1_7/src/site: markdown/release-notes/1.7.3.md site.xml

Sun, 29 May 2016 14:40:25 -0700 

Author: veithen
Date: Sun May 29 21:39:17 2016
New Revision: 1746064

URL: http://svn.apache.org/viewvc?rev=1746064&view=rev
Log:
Add release note for Axis 1.7.3.

Modified:
    axis/axis2/java/core/branches/1_7/src/site/markdown/release-notes/1.7.3.md
    axis/axis2/java/core/branches/1_7/src/site/site.xml

Modified: 
axis/axis2/java/core/branches/1_7/src/site/markdown/release-notes/1.7.3.md
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/core/branches/1_7/src/site/markdown/release-notes/1.7.3.md?rev=1746064&r1=1746063&r2=1746064&view=diff
==============================================================================
--- axis/axis2/java/core/branches/1_7/src/site/markdown/release-notes/1.7.3.md 
(original)
+++ axis/axis2/java/core/branches/1_7/src/site/markdown/release-notes/1.7.3.md 
Sun May 29 21:39:17 2016
@@ -0,0 +1,21 @@
+Apache Axis2 1.7.3 Release Note
+-------------------------------
+
+Apache Axis2 1.7.3 is a security release that contains a fix for 
[CVE-2010-3981][]. That security
+vulnerability affects the admin console that is part of the Axis2 Web 
application and was originally
+reported for SAP BusinessObjects (which includes a version of Axis2). That 
report didn't mention
+Axis2 at all and the Axis2 project only recently became aware (thanks to 
Devesh Bhatt and Nishant
+Agarwala) that the issue affects Apache Axis2 as well.
+
+The admin console now has a CSRF prevention mechanism and all known XSS 
vulnerabilities as well as
+two non-security bugs in the admin console ([AXIS2-4764][] and [AXIS2-5716][]) 
have been fixed.
+Users of the Axis2 WAR distribution are encouraged to upgrade to 1.7.3 to take 
advantage of these
+improvements.
+
+This release also fixes a regression in the HTTP client code that is triggered 
by the presence of
+certain types of cookies in HTTP responses (see [AXIS2-5772][]).
+
+[CVE-2010-3981]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3981
+[AXIS2-4764]: https://issues.apache.org/jira/browse/AXIS2-4764
+[AXIS2-5716]: https://issues.apache.org/jira/browse/AXIS2-5716
+[AXIS2-5772]: https://issues.apache.org/jira/browse/AXIS2-5772

Modified: axis/axis2/java/core/branches/1_7/src/site/site.xml
URL: 
http://svn.apache.org/viewvc/axis/axis2/java/core/branches/1_7/src/site/site.xml?rev=1746064&r1=1746063&r2=1746064&view=diff
==============================================================================
--- axis/axis2/java/core/branches/1_7/src/site/site.xml (original)
+++ axis/axis2/java/core/branches/1_7/src/site/site.xml Sun May 29 21:39:17 2016
@@ -50,6 +50,7 @@
                 <item name="1.7.0" href="release-notes/1.7.0.html"/>
                 <item name="1.7.1" href="release-notes/1.7.1.html"/>
                 <item name="1.7.2" href="release-notes/1.7.2.html"/>
+                <item name="1.7.3" href="release-notes/1.7.3.html"/>
             </item>
             <item name="Modules" href="modules/index.html" />
             <item name="Tools" href="tools/index.html" />

Reply via email to