SECURITY: Trac 0.10.3.1 Released

[Jonas Borgström]

Release Notes for Trac 0.10.3.1
===============================
March 8, 2007

We're happy to announce the Trac 0.10.3.1 release, available from:

http://trac.edgewall.org/wiki/TracDownload

For questions, comments and user discussions, please use the Trac
mailing list. List information, subscription and archive available at:

http://trac.edgewall.org/wiki/MailingList

Trac 0.10.3.1 is a security release:

* Always send "Content-Disposition: attachment" headers where
potentially unsafe (user provided) content is available for download.
This behaviour can be altered using the "render_unsafe_content"
option in the "attachment" and "browser" sections of trac.ini.
* Fixed XSS vulnerability in "download wiki page as text" in
combination with Microsoft IE. Reported by Yoshinori Oota, Business
Architects Inc.

Acknowledgements
================

Many thanks to the growing number of people who have, and continue to,
support the project. Also our thanks to all people providing feedback
and bug reports that helps us make Trac better, easier to use and more
effective.

Without your invaluable help, Trac would not evolve. Thank you all.

Finally, we offer hope that Trac will prove itself useful to like-minded
programmers around the world, and that this release will prove an
improvement over the last version.

Please let us know. :-)

/The Trac Team http://trac.edgewall.org/