Hi,
I plan to tag 5.0.17 tomorrow.
So there will be a fix for a DoS with SSL in this release (plus the XSS "issue", but I'll only mention it in the changelog). I'll tag 4.1.30 a little bit later (since it's supposed to be the really stable branch, it can use some testing through 5.0.x).
As for JSR 160 support, it'll have to wait for next time, unless it's really easy to do (I'm going to try this afternoon). I plan to implement it as a server listener, disabled by default (of course).
Everything seems ok (and the changelog is a lot bigger than what I though). I actually had forgotten one security issue: data corruption for incomplete small POSTs (and generally, mishandling of incomplete POSTs).
I'll tag soon.
Rémy
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
