[Rt-commit] rt annotated tag, rt-3.6.11, created. rt-3.6.11

Kevin Falcone falcone at bestpractical.com
Thu Apr 14 10:18:46 EDT 2011


The annotated tag, rt-3.6.11 has been created
        at  d3fc81557c647b2046ee807383562391ff8acf0a (tag)
   tagging  c320dceb66d59b46178555f3b96ba262bc7da472 (commit)
  replaces  rt-3.6.10
 tagged by  Kevin Falcone
        on  Thu Apr 14 10:18:09 2011 -0400

- Log -----------------------------------------------------------------
release 3.6.11

Alex Vandiver (6):
      Prevent FIELD- and OPERATOR- based SQL injection at the RT::SB level
      Restrict PrimaryGroupBy to only the explicit options that we offer
      Disallow SQL injection in FIELD argument to OrderBy
      Disallow arbitrary URLs from being redirected to during logout
      Update the two reports which used the short form of User in charting
      Use Apache->the_request for mod_perl1 compat, instead of ->unparsed_uri

Kevin Falcone (13):
      Merge branch '3.6.10-releng' into 3.6-trunk
      backport 84022062cec889f1cabf1d4a10e28b7b66addf23
      Update copyright for 2011
      Merge branch 'security/3.6/force-null' into 3.6.11-releng
      Merge branch 'security/3.6/limit-security-restriction' into 3.6.11-releng
      Merge branch 'security/3.6/orderby-injection' into 3.6.11-releng
      Merge branch 'security/3.6/path-traversal' into 3.6.11-releng
      Merge branch 'security/3.6/private-components' into 3.6.11-releng
      Merge branch 'security/3.6/remove-login-goto' into 3.6.11-releng
      Merge branch 'security/3.6/restrict-charting' into 3.6.11-releng
      Merge branch 'security/3.6/ticketsql-private-fields' into 3.6.11-releng
      Merge branch 'security/3.6/validate-refresh' into 3.6.11-releng
      prepare for 3.6.11

Shawn M Moore (6):
      Copy 4.0's path-traversal.t and tweak it for 3.8
      Forbid /. in Standalone
      Traversal protection for mason_handler.fcgi.in
      Traversal protection for speedycgi and svc
      Traversal protection for webmux.pl (mod_perl)
      Use only the integer number of seconds in the Refresh header

Thomas Sibley (5):
      Override Limit further to force values to NULL for IS and IS NOT
      Limit watcher subfields to a valid subset
      Reject requests for private components
      Remove the goto parameter from the login form
      Mark two known failing tests as TODO

-----------------------------------------------------------------------

