[xstream-scm] [2255] branches/v-1.4.x: Prepare documentation for release.

Fri, 07 Feb 2014 10:35:08 -0800

Title: [2255] branches/v-1.4.x: Prepare documentation for release.

Diff

Property changes: branches/v-1.4.x

Modified: svn:mergeinfo

+ /trunk:2151-2152,2154-2156,2158-2163,2165,2172,2175,2177,2188-2189,2197,2199-2201,2204,2206,2210,2212,2214-2217,2226,2229,2231,2233-2234,2236-2238,2247-2249

Modified: branches/v-1.4.x/xstream-distribution/src/content/changes.html (2254 => 2255)


--- branches/v-1.4.x/xstream-distribution/src/content/changes.html	2014-02-07 17:36:31 UTC (rev 2254)
+++ branches/v-1.4.x/xstream-distribution/src/content/changes.html	2014-02-07 18:34:02 UTC (rev 2255)
@@ -28,14 +28,17 @@
 	<a href="" Log</a>.
 	</p>
 
-    <h1 id="upcoming">Upcoming</h1>
+    <h1 id="1.4.7">1.4.7</h1>
 
-    <p>Not yet released.</p>
+    <p>Released February 8, 2013.</p>
 
+    <p class="highlight">This maintenance release addresses mainly the security vulnerability CVE-2013-7285, an
+    arbitrary execution of commands when unmarshalling.</p>
+
     <h2>Major changes</h2>
     
     <ul>
-   		<li>Add security framework to limit handled types while unmarshalling.</li>
+   		<li>Add <a href="" framework</a> to limit handled types while unmarshalling.</li>
    		<li>java.bean.EventHandler no longer handled automatically because of severe security vulnerability.</li>
     	<li>JIRA:XSTR-751: New SunLimitedUnsafeReflectionProvider that uses undocumented features only to allocate new
     	instances as required on Dalvik.</li>

Modified: branches/v-1.4.x/xstream-distribution/src/content/download.html (2254 => 2255)


--- branches/v-1.4.x/xstream-distribution/src/content/download.html	2014-02-07 17:36:31 UTC (rev 2254)
+++ branches/v-1.4.x/xstream-distribution/src/content/download.html	2014-02-07 18:34:02 UTC (rev 2255)
@@ -1,7 +1,7 @@
 <html>
 <!--
  Copyright (C) 2005, 2006 Joe Walnes.
- Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 XStream committers.
+ Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014 XStream committers.
  All rights reserved.
  
  The software in this package is published under the terms of the BSD
@@ -18,24 +18,24 @@
 
     <p><a href="" XStream version numbers...</a></p>
 
-    <h1 id="stable">Stable Version: <span class="version">1.4.6</span></h1>
+    <h1 id="stable">Stable Version: <span class="version">1.4.7</span></h1>
 
     <ul>
-      <li><b><a href="" distribution:</a></b>
+      <li><b><a href="" distribution:</a></b>
       Contains the XStream jar files, the Hibernate and Benchmark modules and all the dependencies.</li>
-      <li><b><a href="" distribution:</a></b>
+      <li><b><a href="" distribution:</a></b>
       Contains the complete XStream project as if checked out from the Subversion version tag.</li>
-      <li><b><a href="" Core only:</a>
+      <li><b><a href="" Core only:</a>
       The xstream.jar only as it is downloaded automatically when it is referenced as Maven dependency.</b></li>
-      <li><b><a href="" Hibernate module:</a></b>
+      <li><b><a href="" Hibernate module:</a></b>
       The xstream-hibernate.jar as it is downloaded automatically when it is referenced as Maven dependency.</li>
-      <li><b><a href="" Benchmark module:</a></b>
+      <li><b><a href="" Benchmark module:</a></b>
       The xstream-benchmark.jar as it is downloaded automatically when it is referenced as Maven dependency.</li>
     </ul>
 
-    <h1 id="snapshot">Latest Snapshot</h1>
+    <h1 id="snapshot">Latest Snapshot HEAD revision</h1>
 
-    <p>Below are builds of the latest version of XStream from the <a href=""
+    <p>Below are builds of the latest HEAD version of XStream from the <a href=""
 
     <ul>
       <li><a href="" distributions</a></li>
@@ -44,6 +44,17 @@
       <li><a href="" Benchmark module</a></li>
     </ul>
 
+    <h1 id="snapshot-1.4.x">Latest Snapshot 1.4.x BRANCH revision</h1>
+
+    <p>Below are builds of the latest 1.4.x branch version of XStream from the <a href=""
+
+    <ul>
+      <li><a href="" distributions (1.4.x)</a></li>
+      <li><a href="" Core only (1.4.x)</a></li>
+      <li><a href="" Hibernate module (1.4.x)</a></li>
+      <li><a href="" Benchmark module (1.4.x)</a></li>
+    </ul>
+
     <h1 id="previous-releases">Previous Releases</h1>
 
     <p>Previous releases of XStream are also available. However, use of the latest stable version is recommended.</p>

Modified: branches/v-1.4.x/xstream-distribution/src/content/index.html (2254 => 2255)


--- branches/v-1.4.x/xstream-distribution/src/content/index.html	2014-02-07 17:36:31 UTC (rev 2254)
+++ branches/v-1.4.x/xstream-distribution/src/content/index.html	2014-02-07 18:34:02 UTC (rev 2255)
@@ -1,7 +1,7 @@
 <html>
 <!--
  Copyright (C) 2005, 2006 Joe Walnes.
- Copyright (C) 2006, 2007, 2008, 2011, 2012, 2013 XStream committers.
+ Copyright (C) 2006, 2007, 2008, 2011, 2012, 2013, 2014 XStream committers.
  All rights reserved.
  
  The software in this package is published under the terms of the BSD
@@ -36,6 +36,8 @@
         directly to/from any tree structure (not just XML).</li>
         <li><b>Customizable conversion strategies.</b> Strategies can be registered allowing customization of how
         particular types are represented as XML.</li>
+        <li><b>Security framework.</b> Fine-control about the unmarshalled types to prevent security issues with
+        manipulated input.</li>
         <li><b>Error messages.</b> When an exception occurs due to malformed XML, detailed diagnostics are provided
         to help isolate and fix the problem.</li>
         <li><b>Alternative output format.</b> The modular design allows other output formats. XStream ships currently
@@ -71,21 +73,18 @@
 
     <h1 id="news">Latest News</h1>
 
-    <h2 id="1.4.6"><b>December 12, 2013</b> XStream 1.4.6 released</h2>
+    <h2 id="1.4.7"><b>February 8, 2014</b> XStream 1.4.7 released</h2>
 
-      <p>Maintenance release 1.4.6 of XStream with bug fixes and improvements running with Java 8, in a GAE runtime
-      environment and under an active SecurityManager.</p>
+      <p class="highlight">This maintenance release addresses mainly the security vulnerability CVE-2013-7285, an
+      arbitrary execution of commands when unmarshalling.  All previous versions are affected running at least Java 5.</p>
 
+      <p>XStream contains now a security framework to fine-control the unmarshalled types.</p>
+
       <p>View the complete <a href="" log</a> and <a href=""
 
       <p>Note, the next major release 1.5 will require Java 6.</p>
 
-	  <p>Thanks to this impressive list of <a href=""
+      <p>Thanks to this impressive list of <a href=""
 
-    <h2 id="decade"><b>September 26, 2013</b> A Decade of XStream</h2>
-
-      <p>Joe Walnes made his initial commit to the XStream project at Codehaus in 26th September 2003.
-      10 years passed by and XStream celebrates its 10th birthday!</p>
-
   </body>
 </html>

Modified: branches/v-1.4.x/xstream-distribution/src/content/news.html (2254 => 2255)


--- branches/v-1.4.x/xstream-distribution/src/content/news.html	2014-02-07 17:36:31 UTC (rev 2254)
+++ branches/v-1.4.x/xstream-distribution/src/content/news.html	2014-02-07 18:34:02 UTC (rev 2255)
@@ -1,7 +1,7 @@
 <html>
 <!--
  Copyright (C) 2005, 2006 Joe Walnes.
- Copyright (C) 2006, 2007, 2008, 2009, 2011, 2012, 2013 XStream committers.
+ Copyright (C) 2006, 2007, 2008, 2009, 2011, 2012, 2013, 2014 XStream committers.
  All rights reserved.
  
  The software in this package is published under the terms of the BSD
@@ -16,15 +16,24 @@
 
   <body>
 
+    <h2 id="1.4.7"><b>February 8, 2014</b> XStream 1.4.7 released</h2>
+
+      <p class="highlight">This maintenance release addresses mainly the security vulnerability CVE-2013-7285, an
+      arbitrary execution of commands when unmarshalling.  All previous versions are affected running at least Java 5.</p>
+
+      <p>XStream contains now a security framework to fine-control the unmarshalled types.</p>
+
+      <p>View the complete <a href="" log</a> and <a href=""
+
+      <p>Note, the next major release 1.5 will require Java 6.</p>
+
     <h2 id="1.4.6"><b>December 12, 2013</b> XStream 1.4.6 released</h2>
 
       <p>Maintenance release 1.4.6 of XStream with bug fixes and improvements running with Java 8, in a GAE runtime
       environment and under an active SecurityManager.</p>
 
-      <p>View the complete <a href="" log</a> and <a href=""
+      <p>View the complete <a href="" log</a> and <a href=""
 
-      <p>Note, the next major release 1.5 will require Java 6.</p>
-
     <h2 id="1.4.5"><b>September 28, 2013</b> XStream 1.4.5 released</h2>
 
       <p>Maintenance release 1.4.5 of XStream with bug fixes and small improvements.</p>

Modified: branches/v-1.4.x/xstream-distribution/src/content/security.html (2254 => 2255)


--- branches/v-1.4.x/xstream-distribution/src/content/security.html	2014-02-07 17:36:31 UTC (rev 2254)
+++ branches/v-1.4.x/xstream-distribution/src/content/security.html	2014-02-07 18:34:02 UTC (rev 2255)
@@ -10,12 +10,10 @@
  Created on 09. January 2014 by Joerg Schaible
  -->
   <head>
-    <title>Security</title>
+    <title>Security Aspects</title>
   </head>
 
   <body>
-    <h1 id="intro">Introduction</h1>
-    
 	<p>XStream is designed to be an easy to use library.  It takes its main task seriously: converting Java objects to
 	XML, and XML to Java objects. As a result, it is possible to create an instance of XStream with the default
 	constructor, call a method to convert an object into XML, then call another method to turn the XML back into an

To unsubscribe from this list please visit:

http://xircles.codehaus.org/manage_email

Reply via email to