+1 if it has been verified. It's certainly safer than the earlier behavior.
If we have some sample attack texts, we should add those to the unit test for
Utilities.removeHTML().
Dave:
There was an issue raised with the search feature, where I could possibly
learn cookies by publishing a constructed URL that invoked the search but
also had embedded script. Was that fixed as well? If not, we should
probably add a fix for that to the 2.3.1 release.
--a.
----- Original Message -----
From: "Dave Johnson" <[EMAIL PROTECTED]>
To: <[email protected]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, July 24, 2006 7:34 AM
Subject: VOTE: to Release Roller 2.3.1 (RC1)
I have prepared a release candidate for Roller 2.3.1 that fixes one issue:
http://opensource.atlassian.com/projects/roller/browse/ROL-1196
The release candidate files are available here:
http://people.apache.org/~snoopdave/
I think ROL-1196 is serious enough to justify "emergency bug fix
release" status.
- Dave