On May 4, 2010, at 12:34 PM, Howard Lewis Ship wrote:

On Tue, May 4, 2010 at 10:04 AM, Robert Zeigler <robe...@scazdl.org> wrote:
AssetProtection for 5.2 has been resolved. The dispatcher introduced in 5.1
has been stripped out in favor of a less obtrusive system.


It's not quite complete; I haven't come up with a sure-fire way to
prevent malicious users from retrieving directory listings. I may
simply add a check that the classpath asset to retrieve includes a '.'
in the name somewhere.


Seems like a sucky check that could easily be circumvented. E.g.:

foo/./bar will have a dot, and give you a directory listing. The browser is likely to clean up this request, but that doesn't prevent someone from using wget or curl to fetch the directory listing.

Robert


On May 4, 2010, at 11:53 AM, Christian Riedel wrote:

Have you already decided on a solution for the asset protection issue? I
think it was also in progress for 5.2 as well, wasn't it?
Anyway, it's time for a release!
I tested 5.2 on one of my apps and the upgrade was just the switch of the
version number (as promised) :)


On 04.05.2010 at 10:23, Robin Komiwes wrote:

Would be great for external contributions too.

On Tue, May 4, 2010 at 9:21 AM, Christian Edward Gruber <christianedwardgru...@gmail.com> wrote:

+1. We're using a trunk build from 4/26 and we're having a nice time of it... but having a build known to be well-tested and accepted would be nice.

Christian.


On May 4, 2010, at 3:12 AM, Massimo Lusetti wrote:

On Tue, May 4, 2010 at 8:39 AM, Igor Drobiazko <igor.drobia...@gmail.com> wrote:

Tapestry 5.1.0.5 was released one year ago and I think we need a new release. We've fixed around 160 issues, we have a lot of improvements and bug fixes.

There are so many new features I can't live without. I would love to upgrade my apps. What do you think about a 5.2.0 release?


I've been using 5.2 from day one and it has proven to be reliable, as
was with 5.1 and 5.0 so I guess it would be really nice to have a
5.2.x release.

Cheers
--
Massimo
http://meridio.blogspot.com

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tapestry.apache.org
For additional commands, e-mail: dev-h...@tapestry.apache.org








--
Howard M. Lewis Ship

Creator of Apache Tapestry

The source for Tapestry training, mentoring and support. Contact me to
learn how I can get you up and productive in Tapestry fast!

(971) 678-5210
http://howardlewisship.com
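
The directory-listing check discussed at the top of this thread, as an added example that is not part of the original messages and is not Tapestry's code: it compares the proposed "path contains a '.'" test with a stricter, hypothetical segment-based test. The class name, method names and sample paths are constructed for illustration, and the path is assumed to be already URL-decoded and relative to the classpath root (no leading slash).

```java
public class AssetPathCheck {

    // The check floated in the thread: accept any path with a '.' somewhere.
    static boolean naiveCheck(String path) {
        return path.indexOf('.') >= 0;
    }

    // Hypothetical stricter check: reject empty, "." and ".." segments,
    // backslashes and NUL bytes, and require the last segment to be "name.ext".
    static boolean strictCheck(String path) {
        if (path == null || path.isEmpty()
                || path.indexOf('\\') >= 0 || path.indexOf('\0') >= 0) {
            return false;
        }
        // Limit -1 keeps trailing empty segments, so "a/b.css/" is rejected.
        String[] segments = path.split("/", -1);
        for (String s : segments) {
            if (s.isEmpty() || s.equals(".") || s.equals("..")) {
                return false;
            }
        }
        String last = segments[segments.length - 1];
        int dot = last.lastIndexOf('.');
        // The dot must have at least one character on each side of it.
        return dot > 0 && dot < last.length() - 1;
    }

    public static void main(String[] args) {
        // Constructed sample paths, not taken from any real application.
        String[] samples = {
            "org/example/app/logo.png", // ordinary asset
            "foo/./bar",                // the case raised in the thread
            "foo/bar",                  // plain directory name
            "foo.d/bar",                // dot only in a parent segment
            "foo/../bar/",              // parent reference, trailing slash
            "foo/bar.css/"              // trailing slash after a file-like name
        };
        for (String p : samples) {
            System.out.printf("%-26s naive=%-5b strict=%b%n",
                    p, naiveCheck(p), strictCheck(p));
        }
    }
}
```

Only the first sample passes the strict check, while the naive check accepts every sample except `foo/bar`. A purely syntactic test still cannot tell a file from a directory whose name happens to look like `name.ext`; that needs a check on the resolved resource itself.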
