Hi Stanton, The Caja fix does warrant new release but I think it could wait till next week if no one actively using Caja with Shindig.
I dont know if any implementors of Shindig that uses Caja needs this ASAP. I know Yahoo! container does use it. I am CCing user list for FYI. Paul, any thoughts? - Henry On Thu, Sep 20, 2012 at 4:02 PM, Stanton Sievers <[email protected]> wrote: > Does that mean it can happen at the regularly scheduled time, i.e., the end > of the month? Or do you think we need beta5 ASAP because of the caja fix? > > Thanks, > -Stanton > > On Thu, Sep 20, 2012 at 6:52 PM, Henry Saputra <[email protected]>wrote: > >> Ah you are right Ryan, looks like you had cutoff the beta4 before >> Dan's commit the changes. >> >> We have "custom" beta4 that include Dan's refactor that we now revert >> to default beta4. >> >> So looks like we only need beta5 for Caja fix then I suppose. >> >> - Henry >> >> On Thu, Sep 20, 2012 at 3:40 PM, Henry Saputra <[email protected]> >> wrote: >> > Hmm so looks like the original bug >> > https://issues.apache.org/jira/browse/SHINDIG-1864 is close with wrong >> > fix version then? >> > >> > It has fix version of 2.5.0-beta4 >> > >> > - Henry >> > >> > On Thu, Sep 20, 2012 at 3:35 PM, Ryan Baxter <[email protected]> >> wrote: >> >> I am fairly sure Dan's oAuth changes didn't make it in beta 4 but the >> Caja >> >> fix probably warrants a new build. >> >> >> >> -Ryan >> >> >> >> On Sep 20, 2012, at 5:34 PM, Paul Lindner <[email protected]> wrote: >> >> >> >> sure. happy to. >> >> >> >> >> >> On Thursday, September 20, 2012, Henry Saputra wrote: >> >>> >> >>> Hi Ryan or Paul, >> >>> >> >>> With Dan's reverting changes to improvement for oauthpopup (this will >> >>> fix OAuth 1.0a flow for three legged dance) and Paul changes to fix >> >>> Caja security vulnerability, could one of you help preparing >> >>> 2.5.0-beta5 release? >> >>> >> >>> >> >>> Thanks, >> >>> >> >>> - Henry >> >> >> >> >> >> >> >> -- >> >> Paul Lindner -- [email protected] -- profiles.google.com/pmlindner >>
