update release notes

git-svn-id: https://svn.apache.org/repos/asf/archiva/branches/archiva-1.3.x@1429742 13f79535-47bb-0310-9956-ffa450edef68
2013-01-07 10:40:44 +00:00 · 2013-01-07 10:40:44 +00:00 · 9622db6f40
parent b614525547
commit 9622db6f40
2 changed files with 21 additions and 10 deletions
--- a/archiva-docs/src/site/apt/release-notes.apt
+++ b/archiva-docs/src/site/apt/release-notes.apt
@ -1,10 +1,10 @@
 -----
- Release Notes for Archiva 1.3.5
+ Release Notes for Archiva 1.3.6
 -----

-Release Notes for Archiva 1.3.5
+Release Notes for Archiva 1.3.6

-  The Apache Archiva team would like to announce the release of Archiva 1.3.5.  Archiva is {{{http://archiva.apache.org/download.html}
+  The Apache Archiva team would like to announce the release of Archiva 1.3.6.  Archiva is {{{http://archiva.apache.org/download.html}
  available for download from the web site}}.

  Archiva is an application for managing one or more remote repositories, including administration, artifact handling, browsing and searching.
@ -24,12 +24,15 @@ Release Notes for Archiva 1.3.5

 * Security Vulnerabilities

-    * A CSRF security vulnerability (CVE-2010-3449) is present in 1.3.2 and earlier.
+    * A remote code execution (CVE-2010-1870) vulnerability has been reported against 1.3.5
+      and earlier versions.
+
+    * CSRF (CVE-2011-1026) and XSS security (CVE-2011-1077) vulnerabilities have been reported against 1.3.4
+      and earlier versions.

    * An XSS security vulnerability (CVE-2011-0533) is present in 1.3.3 and earlier.

-    * Additional CSRF (CVE-2011-1026) and XSS security (CVE-2011-1077) vulnerabilities have been reported against 1.3.4
-      and earlier versions.
+    * A CSRF security vulnerability (CVE-2010-3449) is present in 1.3.2 and earlier.
  
  It is important that users using lower versions of Archiva upgrade to this version (or higher).

@ -56,7 +59,15 @@ Release Notes for Archiva 1.3.5

 * Release Notes

-  The Archiva 1.3.5 feature set can be seen in the {{{tour/index.html} feature tour}}.
+  The Archiva 1.3.6 feature set can be seen in the {{{tour/index.html} feature tour}}.
+
+* Changes in Archiva 1.3.6
+
+  Released: <<7 January 2013>>
+
+** Bug
+
+    * [MRM-1738] - defaultStack requires a stronger blacklist of parameter names in the param interceptor

 * Changes in Archiva 1.3.5

--- a/archiva-docs/src/site/site.xml
+++ b/archiva-docs/src/site/site.xml
@ -26,7 +26,7 @@
  </bannerLeft>
  <body>
    <breadcrumbs>
-      <item name="1.3.5" href="/index.html" />
+      <item name="1.3.6" href="/index.html" />
    </breadcrumbs>

    <menu name="Introduction">