I have time today, so I will commit the fix to the rc2 branch, as well as the new design for the examples.
Frank On Dec 7, 2007 4:40 PM, Matej Knopp <[EMAIL PROTECTED]> wrote: > will do. > > On Dec 7, 2007 10:20 AM, Frank Bille <[EMAIL PROTECTED]> wrote: > > Ok, unless someone has a good reason that the issue is invalid, I will > stop > > the vote now. > > > > I can first rebuild on sunday, but Matej, can you commit the fix to the > > release branch as well as update the issue to say that it's fixed in > rc2? > > > > Frank > > > > > > > > On Dec 7, 2007 1:40 AM, Matej Knopp <[EMAIL PROTECTED]> wrote: > > > > > -1 from me too. > > > > > > I just commited the fix though. Here's a jira issue for it: > > > https://issues.apache.org/jira/browse/WICKET-1209 > > > > > > -Matej > > > > > > On Dec 7, 2007 1:34 AM, Matt Clark <[EMAIL PROTECTED]> wrote: > > > > I don't have a vote obviously, but -1 just because of what I believe > is > > > > a serious security problem with WicketSessionFilter. Revision > 556446, > > > > which was trying to also make the application object available via > > > > wicketsessionfilter, added some coded immediately after the > > > > Session.unset(). In the next revision 556700 that change was > reverted, > > > > but instead of just removing the code from 556446 the change also > > > > removed the Session.unset(). Now, we're using WicketSessionFilter > and > > > > our users are seeing information from other users' sessions. > > > > > > > > I believe all that is required to fix this is to add back a > > > > Session.unset() after the chain.doFilter in WicketSessionFilter, but > > > > would it also be a good idea to do this? > > > > > > > > try{ > > > > filter.doChain(...); > > > > }finally{ > > > > Session.unset(); > > > > } > > > > > > > > We're really looking forwarded to some of the fixes in RC2, so I > hope > > > > this can make it in there, as it appears to be just an accident. > > > > > > > > Thanks, > > > > Matt Clark > > > > > > > > > > > > -----Original Message----- > > > > From: Johan Compagner [mailto:[EMAIL PROTECTED] > > > > Sent: Thursday, December 06, 2007 5:38 PM > > > > To: [email protected] > > > > Subject: Re: [VOTE] Release Wicket 1.3.0 release candidate 2 > > > > > > > > +1 release > > > > > > > > 2007/12/6, Frank Bille <[EMAIL PROTECTED]>: > > > > > Hi all, > > > > > > > > > > I have uploaded the artifacts to my p.a.o account. This is what I > have > > > > > tested: > > > > > > > > > > * Run "mvn clean install" on the distribution. Installs, no test > > > > failures. > > > > > * Run RAT[1] on the release and checked the output. Nothing to > notice. > > > > > * Tried different things in the examples, like ajax, links, > images, > > > > forms, > > > > > guice and pub2. Nothing to notice. > > > > > > > > > > The releases has been signed with my GPG key, which you can find > in > > > > the > > > > > KEYS[2] file. > > > > > > > > > > Anyway, here you can find the distribution files: > > > > > > > > > > http://people.apache.org/~frankbille/releases/apache-wicket-1.3.0-rc2/di<http://people.apache.org/%7Efrankbille/releases/apache-wicket-1.3.0-rc2/di> > < > http://people.apache.org/%7Efrankbille/releases/apache-wicket-1.3.0-rc2/di > > > > > > st/< > http://people.apache.org/%7Efrankbille/releases/apache-wicket-1.3.0- > > > > rc2/dist/> > > > > > > > > > > and here you can find the maven repo: > > > > > > > > > > http://people.apache.org/~frankbille/releases/apache-wicket-1.3.0-rc2/m2<http://people.apache.org/%7Efrankbille/releases/apache-wicket-1.3.0-rc2/m2> > < > http://people.apache.org/%7Efrankbille/releases/apache-wicket-1.3.0-rc2/m2 > > > > > > -repo/< > http://people.apache.org/%7Efrankbille/releases/apache-wicket-1.3 > > > > .0-rc2/m2-repo/> > > > > > > > > > > and here I have uploaded the RAT logs: > > > > > > > > > > http://people.apache.org/~frankbille/releases/apache-wicket-1.3.0-rc2<http://people.apache.org/%7Efrankbille/releases/apache-wicket-1.3.0-rc2> > <http://people.apache.org/%7Efrankbille/releases/apache-wicket-1.3.0-rc2> > > > > > <ht > > > > tp://people.apache.org/%7Efrankbille/releases/apache- > wicket-1.3.0-rc2> > > > > > > > > > > [ ] Release Apache Wicket 1.3.0-rc2 > > > > > [ ] Don't release, because... > > > > > > > > > > > > > > > Regards > > > > > Frank > > > > > > > > > > [1]: http://code.google.com/p/arat/ > > > > > [2]: http://svn.apache.org/repos/asf/wicket/common/KEYS > > > > > > > > > > > > > > >
