+1 - I didn't download and test, but 7 release candidates ensures quality in my mind. ;-)
Matt On 4/2/07, Dave <[EMAIL PROTECTED]> wrote:
Has anybody taken a look at RC7 yet? If not, please do! We need to get this release out. Please download it and at least do some quick sanity tests like posting and entry and making a comment. - Dave On 3/23/07, Dave <[EMAIL PROTECTED]> wrote: > I incorporated the XSS fixes below into Roller 3.1, so now we have RC7 > > - WEB-INF/lib/roller-web.jar > Now strips HTML from all incoming comment fields > > - WEB-INF/velocity/weblog.vm > Now HTML-escapes all comment-form fields before display > > - WEB-INF/jsps/authoring/CommentManagement.jsp > Now HTML-escapes all comment-form fields before display > > - WEB-INF/jsps/tiles/head.jsp > Eliminated the "look" request parameter, which was for debugging only > > - roller-ui/widgets/date.jsp > Now HTML-escapes value field of date widget > > > RC change list is here: > http://cwiki.apache.org/confluence/display/ROLLER/Testing+Roller+3.1 > > Release files are here: > http://people.apache.org/~snoopdave/apache-roller-3.1/ > > Please download, do some sanity testing and vote. > > - Dave >
-- http://raibledesigns.com
