Dave wrote:
Apparently nobody on the list has time to check these XSS fixes out,
but it's pretty clear we need to validate these builds and get the
fixes out.
To encourage others to help with testing, should I post about them on
the Project blog and say something like:
"Roller patch releases in testing. New builds of Roller Version 2.3
and Roller 3.0 have been created to address security vulnerabilities.
These builds are "release candidate" builds and are for testing
purposes only. You can get builds Roller 3.0.1 RC1 and Roller 2.3.1
RC1 from this location: XXX"
- Dave
I am planning on devoting some time to look at these fixes today.
Though, the more eyeballs testing the better.
--
Matthew Montgomery
.Sun Engineering
Sun Microsystems, Inc.
