Re: Attention: Rolling 1.3.0 rc3 in 24-36h

From: <kfogel_at_collab.net>
Date: 2005-11-17 20:38:53 CET

David James <james@cs.toronto.edu> writes:
> On 11/15/05, Daniel Berlin <dberlin@dberlin.org> wrote:
> > If you have changes, now would be the time to put them in STATUS.

I just added r17358 to STATUS:

  * r17358 (Issue #2423)
    mod_dav_svn should escape paths with ":" in their names for browsing
    Justification: Theoretical exploit possible, though none reported.
    Votes:
      +1: kfogel

I wouldn't be heartbroken if it were moved into 1.3.1 instead of
1.3.0. I only put it in 1.3.0 first because of the (theoretical)
exploit possibility. Thanks to Michael Sinz for bringing the issue to
my attention, by the way.

-Karl

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Nov 17 21:59:56 2005

This message: [ Message body ]
Next message: kfogel_at_collab.net: "Re: Found a typo in l10n file"
Previous message: David James: "Re: Attention: Rolling 1.3.0 rc3 in 24-36h"
In reply to: David James: "Re: Attention: Rolling 1.3.0 rc3 in 24-36h"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]