On Mon, May 5, 2014 at 4:24 PM, Alexander Shorin <[email protected]> wrote: > 1.6.0-rc.4 lacks of two important changes: > > HTML escaping for Fauxton: > https://github.com/apache/couchdb/commit/64144cc8bdbc64002bde64394dc8850d3987718c > this is related to recently reported XSS vulnerability COUCHDB-2232 > > And support of Erlang 17 (well, it's actually multiple commits due to > branch merge and rush master fixing at night): > Merge: > https://github.com/apache/couchdb/commit/296de8b1fe69e66d649294fd0445449b18c49194 > Fixes: > https://github.com/apache/couchdb/commit/519a488876323f822eaa77b435b1d28e56fd273a > https://github.com/apache/couchdb/commit/8c07af243e82ea950b8ef27cfa700a4a73f878ab > https://github.com/apache/couchdb/commit/7d29ade0b5b678ce35af184ef6c53824d0b0e250
Fixed! Now 1.6.x branch has support for Erlang 17 and Fauxton there is more better protected from reported XSS issues. All tests passed on Gentoo and FreeBSD, so no more unexpected trivial blocking issues should occurs. LETS FINALLY MAKE COUCHDB 1.6 RELEASE!(: -- ,,,^..^,,,
