Re: svn commit: r487885 - /incubator/solr/trunk/build.xml
On 12/16/06, Chris Hostetter <[EMAIL PROTECTED]> wrote: : Not the most efficient, but it works. when you changed the svn:line-ending props for the scripts, i realized that "fixing" the files we put in the zip works as long as the release is built by someone on a unix env ... if someone prepares a release on a windows box, then the source in the tgz will need fixed. but as long as we build our first release on a unix machine we should be fine ... we can bullet proof the release mechanism later :) Yeah, I wanted to mess with the fewest things possible to get this out. BTW, I do build on a windows box, but with cygwin, using the cygwin version of svn which grabs eol "native" as LF only. vim/gvim also detect the line endings of text files you are editing and keeps them the same for lines you change. -Yonik
Re: [VOTE] release Apache Solr 1.1.0
On 12/16/06, Yoav Shapira <[EMAIL PROTECTED]> wrote: Did you have a chance to run RAT against the release candidate? Yes. Below is the file list with ASL, JDOC and B (binary) lines removed to make the size manageable. All of the !? files are either: - CHANGES.txt, which IMO is in the same category as README, NOTICE, and LICENSE (the "N" for notice category) and shouldn't need the ASL header. These are our release notes, and no other ASF release I looked at had the ASL header for this. - generated site files from forrest (the source files do have the ASL) - files under a different license, and referenced in NOTICE.txt -Yonik Analysing Documents... * Notes:8 Binaries: 58 Archives: 20 Standards: 692 301 Apache Licensed 369 Generated Documents JavaDocs are generated and so license header is optional 22 Unknown Licenses *** Archives (+ indicates readable, $ unreadable): + apache-solr-1.1.0-incubating.jar + apache-solr-1.1.0-incubating.war + start.jar + ant.jar + commons-el.jar + commons-logging.jar + jasper-compiler.jar + jasper-runtime.jar + mx4j-remote.jar + mx4j-tools.jar + mx4j.jar + javax.servlet.jar + org.mortbay.jetty.jar + org.mortbay.jmx.jar + solr.war + lucene-core-nightly.jar + lucene-highlighter-nightly.jar + lucene-snowball-nightly.jar + servlet-api-2.4.jar + xpp3-1.1.3.4.O.jar * Compressed archives will be marked A Notices, licenses etc will be marked N D f:\code\wip\apache-solr-1.1.0-incubating !? CHANGES.txt N KEYS.txt N LICENSE.txt N NOTICE.txt N README.txt D f:\code\wip\apache-solr-1.1.0-incubating\dist A apache-solr-1.1.0-incubating.jar A apache-solr-1.1.0-incubating.war D f:\code\wip\apache-solr-1.1.0-incubating\docs !? .htaccess !? features.html !? index.html !? issue_tracking.html !? linkmap.html !? mailing_lists.html !? tutorial.html !? version_control.html !? who.html D f:\code\wip\apache-solr-1.1.0-incubating\docs\api !? package-list !? stylesheet.css D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\analysis D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\analysis\class-use D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\core D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\core\class-use D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\request D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\request\class-use D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\schema D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\schema\class-use D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\search D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\search\class-use D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\search\function D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\search\function\class-use D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\servlet D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\servlet\class-use D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\tst D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\tst\class-use D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\update D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\update\class-use D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\util D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\util\class-use D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\util\doc-files D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\util\test D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\util\test\class-use D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\util\xslt D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\org\apache\solr\util\xslt\class-use D f:\code\wip\apache-solr-1.1.0-incubating\docs\api\resources D f:\code\wip\apache-solr-1.1.0-incubating\docs\images D f:\code\wip\apache-solr-1.1.0-incubating\docs\skin !? note.txt !? profile.css D f:\code\wip\apache-solr-1.1.0-incubating\docs\skin\css D f:\code\wip\apache-solr-1.1.0-incubating\docs\skin\images N README.txt D f:\code\wip\apache-solr-1.1.0-incubating\docs\
Re: [VOTE] release Apache Solr 1.1.0
Did you have a chance to run RAT against the release candidate? Yoav On 12/16/06, Yonik Seeley <[EMAIL PROTECTED]> wrote: Thanks to everyone for all the work that went into making this release so far! I have posted a candidate release at http://people.apache.org/~yonik/solr/staging_area/ Please vote on releasing these packages as Apache Solr 1.1.0. The vote is open for the next 72 hours, and passes if at least three +1 votes are cast. Then the Apache Incubator must vote to allow this release. [ ] +1 Release the packages as Apache Solr 1.1.0 [ ] -1 Do not release the packages because... -Yonik
Re: svn commit: r487885 - /incubator/solr/trunk/build.xml
: Not the most efficient, but it works. when you changed the svn:line-ending props for the scripts, i realized that "fixing" the files we put in the zip works as long as the release is built by someone on a unix env ... if someone prepares a release on a windows box, then the source in the tgz will need fixed. but as long as we build our first release on a unix machine we should be fine ... we can bullet proof the release mechanism later :) -Hoss
[VOTE] release Apache Solr 1.1.0
Thanks to everyone for all the work that went into making this release so far! I have posted a candidate release at http://people.apache.org/~yonik/solr/staging_area/ Please vote on releasing these packages as Apache Solr 1.1.0. The vote is open for the next 72 hours, and passes if at least three +1 votes are cast. Then the Apache Incubator must vote to allow this release. [ ] +1 Release the packages as Apache Solr 1.1.0 [ ] -1 Do not release the packages because... -Yonik
Re: javadoc location
: > OK, I fixed nightly.sh and pointed the website at api : : I also just added a symlink from docs/api to api so older wiki links : won't break. : I think that should work. yeah ... the one other little thing is making the links point at "api/index.html" istead of "api/" so that the local links from unpacking a distribution will work (most browsers just give a directory listng otherwise) i just commited .. updating site now (allthough it shouldn't matter) -Hoss
Re: javadoc location
On 12/16/06, Yonik Seeley <[EMAIL PROTECTED]> wrote: On 12/16/06, Chris Hostetter <[EMAIL PROTECTED]> wrote: > i was just thinking that if on the live site, we created "api" directly in > the main site directory (whatever it's called) then the relative link of > "./api/index.html" would work fine for the site navigation (and would work > with what i added to the "package" target today) > > i'm not really sure why the current realtive link is "./docs/api/" > > (H... it looks like my change caused a whole copy of the site to pe > put in /www/incubator.apache.org/solr/docs by the last run on the nightly > cron). OK, I fixed nightly.sh and pointed the website at api I also just added a symlink from docs/api to api so older wiki links won't break. I think that should work. -Yonik
Re: javadoc location
On 12/16/06, Chris Hostetter <[EMAIL PROTECTED]> wrote: i was just thinking that if on the live site, we created "api" directly in the main site directory (whatever it's called) then the relative link of "./api/index.html" would work fine for the site navigation (and would work with what i added to the "package" target today) i'm not really sure why the current realtive link is "./docs/api/" (H... it looks like my change caused a whole copy of the site to pe put in /www/incubator.apache.org/solr/docs by the last run on the nightly cron). OK, I fixed nightly.sh and pointed the website at api -Yonik
[jira] Resolved: (SOLR-74) Cross-site scripting vulnerabilities
[ http://issues.apache.org/jira/browse/SOLR-74?page=all ] Hoss Man resolved SOLR-74. -- Resolution: Fixed I made the neccessary changes to action.jsp, and analysis.jsp as well (since the analysys.jsp changes in SOLR-58 were rolled back recently) i didn't modify get-file.jsp -- it's mime type is explicitly text/plain, so there's nothing to escape. > Cross-site scripting vulnerabilities > > > Key: SOLR-74 > URL: http://issues.apache.org/jira/browse/SOLR-74 > Project: Solr > Issue Type: Bug > Components: web gui >Reporter: Erik Hatcher > Assigned To: Hoss Man > > There are a number of cross-site scripting vulnerabilities in the Solr admin > JSP pages, wherever data is being re-displayed as typed by the user. > For example, in analysis.jsp: name="qval"><%= qval %> > These need to be modified to HTML escape the values rather than directly > outputting the exact values. > The other affected JSP pages: action.jsp and get-file.jsp -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Assigned: (SOLR-74) Cross-site scripting vulnerabilities
[ http://issues.apache.org/jira/browse/SOLR-74?page=all ] Hoss Man reassigned SOLR-74: Assignee: Hoss Man > Cross-site scripting vulnerabilities > > > Key: SOLR-74 > URL: http://issues.apache.org/jira/browse/SOLR-74 > Project: Solr > Issue Type: Bug > Components: web gui >Reporter: Erik Hatcher > Assigned To: Hoss Man > > There are a number of cross-site scripting vulnerabilities in the Solr admin > JSP pages, wherever data is being re-displayed as typed by the user. > For example, in analysis.jsp: name="qval"><%= qval %> > These need to be modified to HTML escape the values rather than directly > outputting the exact values. > The other affected JSP pages: action.jsp and get-file.jsp -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
