+1 from me :)
On Aug 22, 2008, at 4:08 AM, Janne Jalkanen <[EMAIL PROTECTED]>
wrote:
Folks,
I got exactly one +1 for this release from Harry. Counting my own,
that amounts to +2.
Since we didn't get three +1s, a consensus is not achieved, the
release is not done, and we will leave 2.6.3 as the final 2.6
version with horrendous security bugs still open.
This OK with everyone?
/Janne
On 16 Aug 2008, at 13:57, Janne Jalkanen wrote:
Folks,
due to some security issues which have cropped up recently (mostly
bad file uploads and XSS attacks), I decided to build JSPWiki 2.6.4
with the latest security fixes. The release artifacts (= fancy way
of saying the bin, zip and signature files) are available at
http://www.ecyrd.com/~jalkanen/JSPWiki/2.6.4/
Again, this is a JSPWiki LGPL release, not endorsed by Apache, but
let's do this the Apache way to practice :-). Please download,
check that the build is okay, and vote on this list. The vote is
open for 72 hours (=ends on Tuesday, August 19th, 11:00 UTC.)
The ChangeLog is included below for your perusal.
2008-08-16 Janne Jalkanen <[EMAIL PROTECTED]>
* 2.6.4-rc-1
* JSPWIKI-319: Change Note extra checks.
2008-07-16 Andrew Jaquith <ajaquith AT apache DOT org>
* 2.6.4-svn-1
* JSPWIKI-315: added extra checks to AttachmentServlet.
/Janne
