[1.2.x] Play1: version 1.2.5.5, 1.2.6.1, 1.2.7.21 1.3.1 released (XSS Vulnerability)
186 views
Skip to first unread message
Alex
May 6, 2015, 4:12:46 AM5/6/15
to play-fr...@googlegroups.com
Hi all,
Some builds 1.2.5.5, 1.2.6.1, 1.2.7.2, with just the security fix and nothing else.
Play 1.3.1 contains the security fix and some others issues, features
The changes in this release are listed in the "Play 1.3.1 milestone":https://play.lighthouseapp.com/projects/57987-play-framework/milestones/208206-131 on Lighthouse, including 26 resolved tickets.
Play 1.3.1 is a maintenance release so it mostly contains bug fixes. The most important are:
* It was released to fix a vulnerability in play's URL builder (jsAction tag).
* Handle diacritics fro keys back into jsaction
* Fix Multidb configuration glitches
* c3p0 logging configuration for multiDB configuration
* Fix some exceptions in SSL mode server ssl
* yesno() evaluates NullObject as true
* Add optional parameter in script / stylesheet tags to define a custom path
* Add ability to enable some kind off test in test mode
Play can be downloaded from here:
* Play 1.2.5.5 http://downloads.typesafe.com/play/1.2.5.5/play-1.2.5.5.zip
* Play 1.2.6.1 http://downloads.typesafe.com/play/1.2.6.1/play-1.2.6.1.zip
* Play 1.2.7.2 http://downloads.typesafe.com/play/1.2.7.2/play-1.2.7.2.zip
* Play 1.3.1 http://downloads.typesafe.com/play/1.3.1/play-1.3.1.zip
Thanks,
Alex
Some builds 1.2.5.5, 1.2.6.1, 1.2.7.2, with just the security fix and nothing else.
Play 1.3.1 contains the security fix and some others issues, features
The changes in this release are listed in the "Play 1.3.1 milestone":https://play.lighthouseapp.com/projects/57987-play-framework/milestones/208206-131 on Lighthouse, including 26 resolved tickets.
Play 1.3.1 is a maintenance release so it mostly contains bug fixes. The most important are:
* It was released to fix a vulnerability in play's URL builder (jsAction tag).
* Handle diacritics fro keys back into jsaction
* Fix Multidb configuration glitches
* c3p0 logging configuration for multiDB configuration
* Fix some exceptions in SSL mode server ssl
* yesno() evaluates NullObject as true
* Add optional parameter in script / stylesheet tags to define a custom path
* Add ability to enable some kind off test in test mode
Play can be downloaded from here:
* Play 1.2.5.5 http://downloads.typesafe.com/play/1.2.5.5/play-1.2.5.5.zip
* Play 1.2.6.1 http://downloads.typesafe.com/play/1.2.6.1/play-1.2.6.1.zip
* Play 1.2.7.2 http://downloads.typesafe.com/play/1.2.7.2/play-1.2.7.2.zip
* Play 1.3.1 http://downloads.typesafe.com/play/1.3.1/play-1.3.1.zip
Thanks,
Alex
Gilberto Pederiva
May 6, 2015, 9:13:39 AM5/6/15
to play-fr...@googlegroups.com
Thanks.
--
You received this message because you are subscribed to the Google Groups "play-framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to play-framewor...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Grzegorz Slowikowski
May 6, 2015, 10:48:54 AM5/6/15
to play-framework
Hi
What is the new 'console' module for?--
Odilio Noronha
May 6, 2015, 2:49:04 PM5/6/15
to play-fr...@googlegroups.com
thanks, great job guys
Scott Rippee
May 6, 2015, 3:02:58 PM5/6/15
to play-fr...@googlegroups.com
Hi,
Does the 1.2.7.2 tag in github have the fix? I don't see it in the commit log.
I'm looking to merge the fix into my fork of the 1.2.7.1 release.
Alex
May 6, 2015, 8:32:15 PM5/6/15
to play-fr...@googlegroups.com
Hi Scott,
The 1.2.7.2 tag has it, fix was done in the PR 866 * fix(router): make some improvement in router.
So if you want to merge it, look at all commit on Apr 27, 2015
Cheers
Alex
The 1.2.7.2 tag has it, fix was done in the PR 866 * fix(router): make some improvement in router.
So if you want to merge it, look at all commit on Apr 27, 2015
Cheers
Alex
Alex
May 6, 2015, 8:34:31 PM5/6/15
to play-fr...@googlegroups.com
Hi Grzegorz ,
there is no new module console, it was there for 5 years now.
Cheers
Alex
there is no new module console, it was there for 5 years now.
Cheers
Alex
Grzegorz Slowikowski
May 7, 2015, 3:02:15 AM5/7/15
to play-framework
Hi Alex
I asked wrong question. The 'console' module was in the repo for years, but was never released till 1.3.0.From my point of view the best way would be to regenerate (with 'and dist') and republish all latest distributions. Is it possible or is it too late?
RegardsMessage has been deleted
Alex
May 7, 2015, 5:23:38 AM5/7/15
to play-fr...@googlegroups.com
Hi
I will add the missing documentation/api, but reagrding modules/grizzly/ "documentation/api' and 'modules/testrunner/
I will add the missing documentation/api, but reagrding modules/grizzly/ "documentation/api' and 'modules/testrunner/
documentation/api', they were never release before, I didn't see it in 1.2.5
Or did I miss something?
Or did I miss something?
Grzegorz Slowikowski
May 7, 2015, 5:32:34 AM5/7/15
to play-framework
You are right. Sorry, ignore these two, I'm generating them in my local Maven builds.
BTW, why versions 1.2.5.4 and 1.2.7.1 were not releases. There are tags in repo, but no distributions for download.Grzegorz Słowikowski
May 13, 2015, 12:12:54 PM5/13/15
to play-fr...@googlegroups.com
Hi
All new versions mavenized and ready for use with Maven plugin for Play!
Framework 1.x (https://code.google.com/p/maven-play-plugin/)
Grzegorz Slowikowski
All new versions mavenized and ready for use with Maven plugin for Play!
Framework 1.x (https://code.google.com/p/maven-play-plugin/)
Grzegorz Slowikowski
> --
> You received this message because you are subscribed to the Google
> Groups "play-framework" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to play-framewor...@googlegroups.com
> <mailto:play-framewor...@googlegroups.com>.
> You received this message because you are subscribed to the Google
> Groups "play-framework" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to play-framewor...@googlegroups.com
Reply all
Reply to author
Forward
0 new messages