geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r366360 - /geronimo/branches/1.0/RELEASE-NOTES-1.0.txt
Date Fri, 06 Jan 2006 00:37:55 GMT
Author: hogstrom
Date: Thu Jan  5 16:37:53 2006
New Revision: 366360

Updated 1.0 Release Notes


Modified: geronimo/branches/1.0/RELEASE-NOTES-1.0.txt
--- geronimo/branches/1.0/RELEASE-NOTES-1.0.txt (original)
+++ geronimo/branches/1.0/RELEASE-NOTES-1.0.txt Thu Jan  5 16:37:53 2006
@@ -101,6 +101,16 @@
   (the above URL must be all on one line)
+Late Release News (not in RELEASE-NOTES-1.0.txt in build)
+Just as the Geronimo Release was being prepared a report was made about a 
+potential security issue when using the Jetty Web Conatiner.  The issue was noted 
+on Jetty 5.1.9 which used by geronimo 1.0, which allows a crafted URL to access the 
+contents of a WEB-INF directory if the server is running on a Windows platform.   
+This issue is fixed in Jetty 5.1.10 and will be provided in Geronimo 1.0.1 which will
+be available in the near future.
 Significant Changes Since the M5 Release
  * the ConfigID format has been updated in anticipatation of future

View raw message