[cvs] expresso/expresso-web/expresso/doc release.xml

JCorporate Ltd jcorp at jcorp2.servlets.net
Sat May 8 21:22:41 PDT 2004


Update of /home/javacorp/.cvs/expresso/expresso/expresso-web/expresso/doc
In directory jcorp2.servlets.net:/tmp/cvs-serv15810/expresso-web/expresso/doc

Modified Files:
	release.xml 
Log Message:
added recommendation section for production expresso users


Index: release.xml
===================================================================
RCS file: /home/javacorp/.cvs/expresso/expresso/expresso-web/expresso/doc/release.xml,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** release.xml	8 May 2004 21:58:26 -0000	1.3
--- release.xml	9 May 2004 04:22:39 -0000	1.4
***************
*** 28,31 ****
--- 28,57 ----
  
    <sect1>
+     <title>Notice to Production Users</title>
+ 
+     <para>If you are already using Expresso in production, we highly recommend
+     upgrading to the Expresso 5.5 release to correct a some security issues
+     which have been fixed including: </para>
+ 
+     <itemizedlist>
+       <listitem>
+         <para>sql injection bugs in adding and updating fixed: Non-text data
+         typed fields where open to sql injection when adding or updating.
+         </para>
+       </listitem>
+ 
+       <listitem>
+         <para>sql injection bugs in searching fixed: When building a where
+         clause, the fields will now be validated against field masks with
+         default masks being set according to the data type. </para>
+       </listitem>
+ 
+       <listitem>
+         <para>also bugs in SecuredDBObject fixed that were security problems</para>
+       </listitem>
+     </itemizedlist>
+   </sect1>
+ 
+   <sect1>
      <title>What&#39;s New in Expresso 5.5</title>
  
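Review bot: the third listitem ("also bugs in SecuredDBObject fixed that were security problems") does not say what the problems were or what they exposed, so a production user reading the notice cannot judge how urgent the upgrade is. Describe each SecuredDBObject fix in a sentence, as the two SQL injection items do, and state which earlier releases are affected. Wording to correct in the same section: "correct a some security issues" should read "correct some security issues", "where open to sql injection" should read "were open to SQL injection", and "sql" should be capitalised as "SQL" in both list items.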
***************
*** 188,192 ****
        types. Because the MIME types cannot be determined normally the items
        are uploaded and downloaded with application/x-unknown unless you set
!       the MIMETYPE attribute for the DBObject. </para>
  
        <para>DBMaint now based upon DataObjects, Smarter with User object, can
--- 214,218 ----
        types. Because the MIME types cannot be determined normally the items
        are uploaded and downloaded with application/x-unknown unless you set
!       the MIMETYPE attribute for the DBObject.</para>
  
        <para>DBMaint now based upon DataObjects, Smarter with User object, can
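Review bot: the only change here is the trailing space removed before </para> on the MIMETYPE line, which is unrelated to the log message "added recommendation section for production expresso users". The same applies to the GNUJAXP line in the next hunk. Committing whitespace cleanup separately would keep the security notice easy to find in the revision history of release.xml.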
***************
*** 258,262 ****
  
          <para>SaxParserConfigurer now also looks for an installation of
!         GNUJAXP </para>
        </sect3>
  
--- 284,288 ----
  
          <para>SaxParserConfigurer now also looks for an installation of
!         GNUJAXP</para>
        </sect3>
  


