web2py 2.9.3 is OUT. As you can see from the changelog we fixed three issues with security of sessions. One of those issues is pretty serious (if you use sessions in DB). So, if you use sessions in DB (or GAE) you should upgrade immediately.
Changelog: - jquery 1.11 - codemirror 3.21, thanks Paolo Valleri - fixed security issue with sessions in database, thanks Nathan Humphreys - fixed security issue with persistant data in session, thanks Kiran - fixed security issue with redirect after expired login, thanks André Kablu - cleaner DAL and rname integration, thanks niphlod and Michele - added mongodb and imap tests for dal, thanks Alan - NoSQL dal tests, thanks Alan - better docstrings, thanks Niphlod - allow URL(...,language=...) with parametric router, thanks Jonathan - allow non-expiration of gae-memcache, thanks crimsoncantab - MARKMIN(...,_class='...'), thanks Luca - better transliteration in building slugs - autolink emails - new Janrain API, thanks PeterQ2 - enable admin app for GAE (experimental), thanks Alan - many bug fixes - invalidate function in web2py.js, thanks Paolo - DAL(...,adapter_args=dict(engine='MyISAM')) - todolist panel in admin editor, thanks Paolo Valleri - enable killing processed in windows, thanks Yair -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
