[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Strange download link on the web page [was: Re: Subversion 1.10.2 Checksum (SHA512)]

From: Branko Čibej <brane_at_apache.org>
Date: Sat, 22 Sep 2018 16:38:40 +0200

On 22.09.2018 16:29, Branko Čibej wrote:
> On 22.09.2018 16:22, Branko Čibej wrote:
>> On 22.09.2018 16:13, Daniel Shahaf wrote:
>>> Please don't download the artifacts from www*.apache.org but from a
>>> mirror. I think there is a redirector CGI somewhere that automatically
>>> redirects you to a mirror close to you, but I can't find it :(
>> http://subversion.apache.org/download.cgi
>>
>> Linked from our main page.
> [The original thread is on users@]
>
> I just noticed that when I click the 'Source Download' link in the
> navigation tab on our web page, I get:
>
> http://subversion.apache.org/download.cgi?update=201708081800
>
> instead of plain
>
> http://subversion.apache.org/download.cgi
>
> Can anyone remember why that is? It seems wrong, and also doesn't appear
> to do anything, since the page contents and especially download links
> appear to be the same in both cases.
>
> It was done in r1804690, the log message is:
>
> Release Subversion 1.9.7 with a fix for CVE-2017-9800.
>
> So it's possible that we forgot to clean that up after the security fix
> release ... and also that the ?update= parameter doesn't appear to work
> properly (any more).

I also noticed that publish/download.html now has explicit version
numbers in links instead of using the [version] and [supported] ezt
placeholders that are defined at the top of that file. Apparently this
changed during the 1.10 release cycle. Again ... why? The log doesn't say.

-- Brane
Received on 2018-09-22 16:38:49 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.