Ooppss, sent to public ML. Sorry for the partial off-topic. You can reply privately if you want.
Thanks --Giovanni 2015-11-12 16:54 GMT+01:00 Giovanni Lenzi <g.le...@smileupps.com>: > Hi Alexander, > > I'm writing you privately because I don't want the main thread to go > off-topic > > Thanks for your roadmap to 1.7.0.. seems very very juicy! > > About the "COUCHDB-2752: Validate Host header" in your list. As > documented here (https://issues.apache.org/jira/browse/COUCHDB-2752), to > me it seems that flag can perfectly be used in the proposed way here: > http://couchdb.markmail.org/message/q2623pzw7lt73lcg?q=CouchDB+secure+even+withouth+a+proxy > > Do you confirm? > > > --Giovanni > > 2015-11-12 16:05 GMT+01:00 Alexander Shorin <kxe...@gmail.com>: > >> Dear CouchDB team, >> >> While we're all working on 2.0 is in progress, I fear that we'll end >> this year without a single release. Technically, there is only one >> month left till 2016 excluding holidays, but let's be honest - that's >> not enough for 2.0. So I propose the plan for 1.7 release to not end >> this year with empty list. >> >> There are a couple of important changes that we have for it and users >> are waiting for. Primary is the Erlang 18 compatibility, but not only. >> >> What we already have on 1.x.x branch: >> >> - COUCHDB-1011: replicate by document ids from futon >> - COUCHDB-1275: decode database names in recent used list >> - COUCHDB-2225 Enforce that shared libraries can be built by the system >> - COUCHDB-2430: Disable Nagle's algorithm >> - COUCHDB-2583: fix connection dropping by the resources which doesn't >> require any payload >> - COUCHDB-2761: Support glibc >= 2.20 >> - COUCHDB-2783: Bind both to IPv4 and IPv6 >> - Futon: Fixed potential XSS issue in jquery.ui >> - jquery.couch: Fixed document copying >> - sslv3 support is deprecated >> - Support for user configurable SSL ciphers >> - Multiple minor documentation fixes >> - Support Erlang 18 >> >> What we can backport without worry: >> >> - COUCHDB-1356: Return username on POST to /_session >> - COUCHDB-1447: X-Couch-* headers missed if custom headers were returned >> - COUCHDB-1964: eunit test suite >> - COUCHDB-2310: /db/_bulk_get >> - COUCHDB-2375: Respond with HTTP 400 Bad Request on invalid revision >> number >> - COUCHDB-2534: db security should respect authed users >> - COUCHDB-2732: Use thread local storage for couch_ejson_compare NIF >> - COUCHDB-2752: Validate Host header >> - COUCHDB-2873: Update snappy to 1.1.3 >> - Multiple improvements that we have for replicator >> >> What I would like to add: >> >> - COUCHDB-2722: Keys from rewrited query params should be blank when >> not specified in the URI >> - COUCHDB-2874: Rewrites via query server >> - COUCHDB-2877: Return nicer error for bad Authorization header >> - Deprecation of /_log >> - Deprecation of OAuth auth >> - Enable CORS by default: >> https://fetch.spec.whatwg.org/#basic-safe-cors-protocol-setup >> - Remove Fauxton - AFAIK, it supports 1.x no more and current version >> in 1.x.x branch is heavily outdated. >> - Mark this release as LTS with short (really) cycle of bug fixes ship >> >> Questionalbe: >> - Add systemd notification support. >> >> May be we can also include else experimental features, like JWT and/or >> Delegated auth. Personally, I would like to see them, but it's all up >> to you Klaus and Jan (; >> >> But even without these experimental features, we have quite long list >> of changes to ship. >> >> The plan is simple: for November get all from backport and add lists >> into 1.x.x branch and ship 1.7 in first half of December. Quite good >> Christmas Eve present for everyone. Personal deadlines 30th November >> and 20th December respectively. >> >> Since "everyone is busy on 2.0" I'll take care of this. >> >> P.S. If someone has else important bugfixes on mind to include, please >> drop a notice. For 2.0 we have ETOOMANY useful changes, but I would >> like to stop only on really important ones. Like replicator ones as I >> mentioned. >> >> -- >> ,,,^..^,,, >> > >
