[Rt-commit] rt annotated tag, rt-4.0.6rc2, created. rt-4.0.6rc2

Alex Vandiver alexmv at bestpractical.com
Tue May 22 12:16:16 EDT 2012


The annotated tag, rt-4.0.6rc2 has been created
        at  0794de5c00009258427e4874bbe3eadd5dd0f598 (tag)
   tagging  b770e5f8abc6418ca8cb8e592287af535bd72249 (commit)
  replaces  rt-4.0.6rc1
 tagged by  Alex Vandiver
        on  Fri May 4 17:09:31 2012 -0400

- Log -----------------------------------------------------------------
release 4.0.6rc2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEABECAAYFAk+7abEACgkQMflWJZZAbqAUewCfR1ZobRm/+vg2l8XEseQPN2e6
95IAmwVuIKtHiE3yhMQnABZ5XY7iePAG
=EQQG
-----END PGP SIGNATURE-----

Alex Vandiver (11):
      Allow the homepage refresh argument as an idempotent query parameter
      Abstract out creation of request tokens which bypass CSRF
      Rename LogoutURL to the more general-use RefreshURL
      Add a global argument which contains the decoded $m->request_args
      Override $DECODED_ARGS with the (decoded) arguments from the CSRF token
      Merge branch 'security/4.0/interstitial-path' into 4.0.6-releng
      Clean up the error message in a common case of no explicit whitelisted hosts
      Set the refresh URL on ticket results to a CRSF-safe one
      Merge branch 'security/4.0/refresh-csrf' into 4.0.6-releng
      Merge branch 'security/4.0/csrf-menuing' into 4.0.6-releng
      Merge branch 'security/4.0/whitelist-csrf-referrer' into 4.0.6-releng

Jim Brandt (1):
      Add WebPath to link created on CSRF interstitial page.

Kevin Falcone (4):
      Fix a simple typo
      Switch to our so that extensions can whitelist components
      Add a new ReferrerWhitelist config option
      Document how to pull from the error into the config

-----------------------------------------------------------------------


More information about the Rt-commit mailing list