+1 - downloaded - checked gpg key - unzipped - unjarred the war file to the webapps/JSPWiki dir (not drop the war file, that piece of doc should be changed in 2.8) - took me some time to get the "old" jaas working again :-) - tested a couple of functions like Edit, Preview, Diff, Login, Logout, Prefs, Create/Delete/Rename pages - tested a couple of plugins - tested for both fixes (ok)
Have I forgotten any important things ? regards, Harry 2008/8/16 Janne Jalkanen <[EMAIL PROTECTED]> > Folks, > > due to some security issues which have cropped up recently (mostly bad file > uploads and XSS attacks), I decided to build JSPWiki 2.6.4 with the latest > security fixes. The release artifacts (= fancy way of saying the bin, zip > and signature files) are available at > > http://www.ecyrd.com/~jalkanen/JSPWiki/2.6.4/<http://www.ecyrd.com/%7Ejalkanen/JSPWiki/2.6.4/> > > Again, this is a JSPWiki LGPL release, not endorsed by Apache, but let's do > this the Apache way to practice :-). Please download, check that the build > is okay, and vote on this list. The vote is open for 72 hours (=ends on > Tuesday, August 19th, 11:00 UTC.) > > The ChangeLog is included below for your perusal. > > 2008-08-16 Janne Jalkanen <[EMAIL PROTECTED]> > > * 2.6.4-rc-1 > > * JSPWIKI-319: Change Note extra checks. > > 2008-07-16 Andrew Jaquith <ajaquith AT apache DOT org> > > * 2.6.4-svn-1 > > * JSPWIKI-315: added extra checks to AttachmentServlet. > > > /Janne -- met vriendelijke groet, Harry Metske Telnr. +31-548-512395 Mobile +31-6-51898081
