CVS: mharc NEWS,1.28,1.29 TODO,1.10,1.11

Tue, 30 Jul 2002 21:32:04 -0700 

Update of /cvsroot/mhonarc/mharc
In directory subversions:/tmp/cvs-serv6214

Modified Files:
        NEWS TODO 
Log Message:
* cgi-bin/extract-mesg.cgi.in.dist:
  . Changed returned media-type from message/rfc822 to text/plain.
    message/rfc822 is nice since some browsers can render it directly,
    but it does open potential XSS HTML email attacks.

    IMPORTANT NOTE: User upgrading are encouraged to delete
                    "cgi-bin/extract-mesg.cgi.in" and run 'make
                    configure' after extracting this release.  If you
                    really want the message/rfc822 behavior, you can
                    edit "cgi-bin/extract-mesg.cgi.in" and redefine
                    the $message_media_type variable.

* etc/apache.conf.in.dist:
  . Security related comments added.  Users are encourage to read
    if using etc/apache.conf.


Index: NEWS
===================================================================
RCS file: /cvsroot/mhonarc/mharc/NEWS,v
retrieving revision 1.28
retrieving revision 1.29
diff -C2 -r1.28 -r1.29
*** NEWS        25 Jul 2002 03:29:38 -0000      1.28
--- NEWS        31 Jul 2002 04:53:21 -0000      1.29
***************
*** 1,3 ****
--- 1,22 ----
  ===========================================================================
+ 2002/MM/DD: v0.5.1
+ 
+ * cgi-bin/extract-mesg.cgi.in.dist:
+   . Changed returned media-type from message/rfc822 to text/plain.
+     message/rfc822 is nice since some browsers can render it directly,
+     but it does open potential XSS HTML email attacks.
+ 
+     IMPORTANT NOTE: User upgrading are encouraged to delete
+                   "cgi-bin/extract-mesg.cgi.in" and run 'make
+                   configure' after extracting this release.  If you
+                   really want the message/rfc822 behavior, you can
+                   edit "cgi-bin/extract-mesg.cgi.in" and redefine
+                   the $message_media_type variable.
+ 
+ * etc/apache.conf.in.dist:
+   . Security related comments added.  Users are encourage to read
+     if using etc/apache.conf.
+ 
+ ===========================================================================
  2002/07/24: v0.5.0
  

Index: TODO
===================================================================
RCS file: /cvsroot/mhonarc/mharc/TODO,v
retrieving revision 1.10
retrieving revision 1.11
diff -C2 -r1.10 -r1.11
*** TODO        23 Jul 2002 04:00:21 -0000      1.10
--- TODO        31 Jul 2002 04:53:21 -0000      1.11
***************
*** 18,21 ****
--- 18,24 ----
      location.
  
+  => Make everything into modules and just have one command
+     to use to run everything.
+ 
  ===========================================================================
  $Id$

---------------------------------------------------------------------
To sign-off this list, send email to [EMAIL PROTECTED] with the
message text UNSUBSCRIBE MHONARC-DEV

Reply via email to