Re: [Lift] Lift security vulnerability

2010-02-03 Thread Jeppe Nejsum Madsen
David Pollak feeder.of.the.be...@gmail.com writes: I'd like to get a sense of how important the community views this defect. Is it a backport the fix to every milestone and release yesterday or is it a fix it in 2.0-M2 or someplace in between. For me, it's fix it in 2.0-SNAPSHOT /Jeppe --

Re: [Lift] Lift security vulnerability

2010-02-03 Thread Timothy Perrett
+1 Fix it in head, no need to back-port; M2 is only around the corner. Cheers, Tim On 3 Feb 2010, at 09:49, Jeppe Nejsum Madsen wrote: David Pollak feeder.of.the.be...@gmail.com writes: I'd like to get a sense of how important the community views this defect. Is it a backport the fix to

Re: [Lift] Lift security vulnerability

2010-02-03 Thread Indrajit Raychaudhuri
1. Fix in head/master (2.0-SNAPSHOT) and prepone 2.0-M2. 2. Backport in 1.0.x branch and spin 1.0.4. We haven't marked 1.0.x 'unsupported' yet. Forcing apps to move to 2.0-M2 just for this vulnerability fix isn't fun. Cheers, Indrajit On 03/02/10 3:34 PM, Timothy Perrett wrote: +1 Fix it

Re: [Lift] Lift security vulnerability

2010-02-03 Thread Feng Zhang
I found that in the fix, \n is changed to \t, while \t to \n. Is this desired behavior? Thank you, Feng On Wed, Feb 3, 2010 at 9:20 AM, Indrajit Raychaudhuri indraj...@gmail.com wrote: 1. Fix in head/master (2.0-SNAPSHOT) and prepone 2.0-M2. 2. Backport in 1.0.x branch and spin 1.0.4. We

Re: [Lift] Lift security vulnerability

2010-02-03 Thread David Pollak
Thanks for pointing that out. There are other problems as well... I'll fix them (in both the Scala and Lift diffs) On Wed, Feb 3, 2010 at 7:39 AM, Feng Zhang sharpzh...@gmail.com wrote: I found that in the fix, \n is changed to \t, while \t to \n. Is this desired behavior? Thank you, Feng

[Lift] Lift security vulnerability

2010-02-02 Thread David Pollak
Folks, Turns out there's a security vulnerability in Lift. It's possible to insert control characters into input fields. When the control characters are sent back to the browser, the browser will choke. An example can be seen at http://demo.liftweb.net Go to that page, enter your name in the

Re: [Lift] Lift security vulnerability

2010-02-02 Thread Naftoli Gugenheim
If you scan the whole page wouldn't it affect performance? Or will you put a safeguard in the input field / processing query parameters? 2010/2/2 Naftoli Gugenheim naftoli...@gmail.com: Is that not a defect of the browsers? On Tue, Feb 2, 2010 at 7:57 PM, David Pollak

Re: [Lift] Lift security vulnerability

2010-02-02 Thread David Pollak
radically. Connected by MOTOBLUR™ on T-Mobile -Original message- From: Naftoli Gugenheim naftoli...@gmail.com To: liftweb liftweb@googlegroups.com Sent: Wed, Feb 3, 2010 01:31:24 GMT+00:00 Subject: Re: [Lift] Lift security vulnerability If you scan the whole page wouldn't it affect

Re: [Lift] Lift security vulnerability

2010-02-02 Thread Naftoli Gugenheim
:24 GMT+00:00 Subject: Re: [Lift] Lift security vulnerability If you scan the whole page wouldn't it affect performance? Or will you put a safeguard in the input field / processing query parameters? 2010/2/2 Naftoli Gugenheim : Is that not a defect of the browsers? On Tue, Feb 2, 2010

Re: [Lift] Lift security vulnerability

2010-02-02 Thread David Pollak
, 2010 01:31:24 GMT+00:00 Subject: Re: [Lift] Lift security vulnerability If you scan the whole page wouldn't it affect performance? Or will you put a safeguard in the input field / processing query parameters? 2010/2/2 Naftoli Gugenheim : Is that not a defect of the browsers? On Tue, Feb