[interchange-cvs] interchange - jon modified WHATSNEW-5.5
interchange-cvs at icdevgroup.org
Sat Jun 24 11:43:34 EDT 2006
User: jon
Date: 2006-06-24 15:43:34 GMT
Modified: . WHATSNEW-5.5
Log:
Added note about DoS fix, standardized voice, and mentioned UPGRADE
document which is important again.
Revision Changes Path
1.7 +18 -9 interchange/WHATSNEW-5.5
rev 1.7, prev_rev 1.6
Index: WHATSNEW-5.5
===================================================================
RCS file: /var/cvs/interchange/WHATSNEW-5.5,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -u -r1.6 -r1.7
--- WHATSNEW-5.5 9 May 2006 12:37:50 -0000 1.6
+++ WHATSNEW-5.5 24 Jun 2006 15:43:34 -0000 1.7
@@ -8,31 +8,40 @@
Interchange 5.5.1 released on YYYY-MM-DD.
+See UPGRADE document for incompatible changes not listed here.
+
Core
----
-* Fix UserDB login issues within embedded Perl by using
+* Fixed UserDB login issues within embedded Perl by using
Vend::Util::string_to_ref for deserialization of carts and other
hashes.
-* Remove odd formatting from --add entry in interchange manual page
+* Remove odd formatting from --add entry in interchange manual page.
+
+* Fixed a DoS exploit. A carefully crafted HTTP POST request could cause
+ an Interchange page processor to hang until it's killed by Interchange's
+ periodic housekeeping routine. If several of these requests are received
+ in quick succession then it could be possible to disable all of the page
+ processors, rendering Interchange unresponsive for a while. Fixed by
+ Kevin Walsh; pointed out by Donald Alexander.
UserTag
-------
-* [save-cart] keeps cart if userdb returns with an error.
+* Make [save-cart] keep cart if userdb returns with an error.
-* [formel] calls [display] on unknown types.
+* Make [formel] call [display] on unknown types.
Jobs
----
-* new job group db with export job to export databases offline for backup
- and version control purposes
+* Added new job group db with export job to export databases offline for
+ backup and version control purposes.
-Standard
----------
+Standard demo
+-------------
-* Fix minor security hole of admin's session ID being exposed when placing
+* Fixed minor security hole of admin's session ID being exposed when placing
an order in the admin. Found by Mark Lipscombe <markl at gasupnow.com>.
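Review bot: The voice is still mixed after this change in the Core and UserTag sections. "Fixed UserDB login issues" and "Fixed a DoS exploit" are past tense, while "Remove odd formatting from --add entry" only gained a period and the two UserTag entries were rewritten to the imperative "Make [save-cart] keep" and "Make [formel] call". Since the log message says the voice was standardized, pick one form throughout, for example "Removed odd formatting" and "Made [save-cart] keep". In the new DoS entry, what was fixed is the vulnerability rather than an exploit, so "Fixed a DoS vulnerability" would read more accurately. The entry would also be more useful to administrators if it stated which earlier releases are affected.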