Re: VOTE: Release Apache Roller 3.1

Sat, 17 Mar 2007 16:16:52 -0800 

I've fixed ROL-1374 in the trunk.
There was a slight difference in the way the path was being formed for the termination cookie, so it wasn't matching the original. 


Since it only affects the logout-redirect.jsp, sites that want the fix can 
pick up the logout-redirect.jsp from the fix revision and just drop it in.



Dave, if for any reason we do spin another 3.1 RC, you should incorporate 
the fix.


I'm +1 on the release of RC6.

--a.



----- Original Message ----- 
From: "Anil Gangolli" <[EMAIL PROTECTED]>

To: <roller-dev@incubator.apache.org>
Sent: Saturday, March 17, 2007 1:14 PM
Subject: Re: VOTE: Release Apache Roller 3.1





I did a cursory test of a fresh installation of RC6.  It looks fine to me.


I noticed it has the permanent Remember Me bug which I've filed as 
http://opensource.atlassian.com/projects/roller/browse/ROL-1374.

The workaround is to drop the cookie manually from the browser.


I will look at the bug in more detail later today.  I don't know if we 
consider this serious enough an issue to hold release.
It is a potential security issue if the user thinks they have logged out 
and leaves a browser.



This bug doesn't affect Roller 2.3.1 which I am currently running (and am 
about to try upgrading).


I'm hoping to hear other opinions on this bug before I cast my vote.

--a.



Some notes on my installation.


Downloaded and verified signatures on all four zip/tar.gz binary/source 
distributions.  All OK.



For installation I used only the tar.gz binary distribution.  I did not 
examine or try building from the source distribution.



I downloaded required-jars-roller-3.1.tar.gz runtime jar bundle from 
roller.dev.java.net site


I used mail and activation jars I had previously downloaded.


Runtime Platform:
- Apache Tomcat 5.5.17 (from Apache distribution)
- Sun JDK 1.5.0_11 for Linux
- MySQL 5.0.27 (from mysql-5.0.27-1.fc6 rpm)

   -  I use InnoDB as the default storage engine and UTF-8 as the default 
char set

- Linux (Fedora Core 6)



The only custom properties I set were uploads.dir and search.index.dir to 
installation-specific values, and log4j.properties to use a specific log 
filename.




----- Original Message ----- 
From: "Dave" <[EMAIL PROTECTED]>

To: <roller-dev@incubator.apache.org>
Sent: Wednesday, March 14, 2007 9:24 AM
Subject: Re: VOTE: Release Apache Roller 3.1



Jon Stevens downloaded RC5, tested and found a couple of bugs in the
new File Upload sub-folder feature, so I fixed that and couple of
footer links.

Now we have RC6
http://people.apache.org/~snoopdave/apache-roller-3.1/

And the updated change list here
https://roller.dev.java.net/servlets/ProjectDocumentList?folderID=6962

Download, test and please VOTE!

- Dave




























					Reply via email to