1.6.0-rc.4 lacks of two important changes: HTML escaping for Fauxton: https://github.com/apache/couchdb/commit/64144cc8bdbc64002bde64394dc8850d3987718c this is related to recently reported XSS vulnerability COUCHDB-2232
And support of Erlang 17 (well, it's actually multiple commits due to branch merge and rush master fixing at night): Merge: https://github.com/apache/couchdb/commit/296de8b1fe69e66d649294fd0445449b18c49194 Fixes: https://github.com/apache/couchdb/commit/519a488876323f822eaa77b435b1d28e56fd273a https://github.com/apache/couchdb/commit/8c07af243e82ea950b8ef27cfa700a4a73f878ab https://github.com/apache/couchdb/commit/7d29ade0b5b678ce35af184ef6c53824d0b0e250 Also not sure if these PR: https://github.com/apache/couchdb/pull/223 https://github.com/apache/couchdb/pull/224 not containing any fixes of possible XSS. Robert, are they? -- ,,,^..^,,, On Mon, May 5, 2014 at 3:40 PM, Dirkjan Ochtman <[email protected]> wrote: > Dear community, > > Due to test failures in rc.3, I would like to release Apache CouchDB > 1.6.0-rc.4. Special thanks to Alexander for doing a lot of > investigation into the failures and whipping rc.4 into shipping. > > Changes since last round: > > * > https://git-wip-us.apache.org/repos/asf?p=couchdb.git;a=shortlog;h=refs/heads/1.6.x > > We encourage the whole community to download and test these release > artefacts so that any critical issues can be resolved before the > release is made. Everyone is free to vote on this release, so get > stuck in! > > The release artefacts we are voting on are available here: > > wget > https://dist.apache.org/repos/dist/dev/couchdb/source/1.6.0/rc.4/apache-couchdb-1.6.0.tar.gz > wget > https://dist.apache.org/repos/dist/dev/couchdb/source/1.6.0/rc.4/apache-couchdb-1.6.0.tar.gz.asc > wget > https://dist.apache.org/repos/dist/dev/couchdb/source/1.6.0/rc.4/apache-couchdb-1.6.0.tar.gz.ish > wget > https://dist.apache.org/repos/dist/dev/couchdb/source/1.6.0/rc.4/apache-couchdb-1.6.0.tar.gz.md5 > wget > https://dist.apache.org/repos/dist/dev/couchdb/source/1.6.0/rc.4/apache-couchdb-1.6.0.tar.gz.sha > > Please follow the test procedure here: > > http://wiki.apache.org/couchdb/Test_procedure > > Please remember that "rc.4" is an annotation. If the vote passes, > these artefacts will be released as Apache CouchDB 1.6.0. > > Please cast your votes now. > > Thanks, > > Dirkjan
