Re: Found read-only security hole in svnserve

From: Erik Huelsmann <e.huelsmann_at_gmx.net>
Date: 2003-12-01 13:17:49 CET

I agree. Releasing 0.33.2 today and 0.34.0 two days from now might be
confusing.

bye,

Erik.

> On Mon, Dec 01, 2003 at 02:27:11AM -0500, Greg Hudson wrote:
> > svnserve's compatibility code for old clients was allowing clients to
> > read a repository even if anon-access was set to "none". I've fixed
> > this in r7888. This probably warrants an 0.33.2 if at all possible.
>
> I'd say port the fix over to 0.34 and recommend an upgrade to that
> instead. If we have to make a release, then I'd say stick to just 0.34.
>
> Cheers,
> -g
>
> --
> Greg Stein, http://www.lyra.org/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org
>

-- 
HoHoHo! Seid Ihr auch alle schön brav gewesen?
GMX Weihnachts-Special: Die 1. Adresse für Weihnachts-
männer und -frauen! http://www.gmx.net/de/cgi/specialmail
+++ GMX - die erste Adresse für Mail, Message, More! +++
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Mon Dec 1 13:18:39 2003

This message: [ Message body ]
Next message: Garrett Rooney: "Re: [PATCH] Detect the proper shell variable to set to give path to shared libraries in Makefile.PL"
Previous message: Barry Scott: "Re: Test build of 0.34.0 branch missing instructions?"
In reply to: Greg Stein: "Re: Found read-only security hole in svnserve"
Next in thread: Greg Hudson: "Re: Found read-only security hole in svnserve"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]