Author: smumford
Date: 2011-08-11 23:40:34 -0400 (Thu, 11 Aug 2011)
New Revision: 7053
Modified:
epp/docs/branches/5.1/Release_Notes/en-US/5.1.1_Release_Notes.xml
epp/docs/branches/5.1/Release_Notes/en-US/Book_Info.xml
epp/docs/branches/5.1/Release_Notes/en-US/Revision_History.xml
epp/docs/branches/5.1/Release_Notes/en-US/known_issues.xml
epp/docs/branches/5.1/Release_Notes/en-US/need_info.xml
epp/docs/branches/5.1/Release_Notes/en-US/resolved_issues.xml
epp/docs/branches/5.1/Release_Notes/publican.cfg
Log:
Prepared for 5.1.1 release.
Modified: epp/docs/branches/5.1/Release_Notes/en-US/5.1.1_Release_Notes.xml
===================================================================
--- epp/docs/branches/5.1/Release_Notes/en-US/5.1.1_Release_Notes.xml 2011-08-11 10:54:22
UTC (rev 7052)
+++ epp/docs/branches/5.1/Release_Notes/en-US/5.1.1_Release_Notes.xml 2011-08-12 03:40:34
UTC (rev 7053)
@@ -379,7 +379,7 @@
<xi:include href="known_issues.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" />
</section>
- <section>
+ <!--<section>
<title><remark>NEEDINFO Issues</remark></title>
<xi:include href="need_info.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" />
</section>
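Review bot: The `<!--<section>` opened on the first changed line is closed only by `</section> -->` in the next hunk, so the NEEDINFO and Not Documented sections and both of their `xi:include` elements end up inside one XML comment. Any `--` sequence inside that span makes the file ill-formed, and the commented markup is easy to re-enable by accident. Since the repository already keeps revision 7052, deleting the two sections would be cleaner than commenting them out.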
@@ -387,32 +387,31 @@
<section>
<title><remark>Not Documented Issues</remark></title>
<xi:include href="not_documented.xml"
xmlns:xi="http://www.w3.org/2001/XInclude" />
- </section>
+ </section> -->
<section>
<title>Security Related Issues</title>
<variablelist>
<title></title>
<!--
https://issues.jboss.org/browse/JBEPP-598 -->
<varlistentry>
- <term><ulink
url="https://issues.jboss.org/browse/JBEPP-598" /></term>
+ <term>XSS Issues</term>
<listitem>
-
-
- <warning>
- <title>Not Public Yet - RHT+eXo</title>
<para>
- Security vulnerabilies arising from the execution of XSS
javascript entered into various portal form fields have been eradicated in this release.
+ This release of JBoss Enterprise Portal Platform resolves a
number of Cross Site Scripting found in the user creation and new page creation forms.
</para>
<para>
- The resolution to this issue also resolves the following
related JIRA issues:
- <simplelist>
+ The following issues have been resolved:
+ </para>
+ <simplelist>
+ <member><ulink type="http"
url="https://issues.jboss.org/browse/JBEPP-598" /></member>
<member><ulink type="http"
url="https://issues.jboss.org/browse/JBEPP-847"></ulink&g...
<member><ulink type="http"
url="https://issues.jboss.org/browse/JBEPP-997"></ulink&g...
<member><ulink type="http"
url="https://issues.jboss.org/browse/JBEPP-914"></ulink&g...
<member><ulink type="http"
url="https://issues.jboss.org/browse/JBEPP-365"></ulink&g...
</simplelist>
+ <para>
+ Work to address further XSS issues is ongoing.
</para>
- </warning>
</listitem>
</varlistentry>
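Review bot: In the new XSS Issues paragraph, "resolves a number of Cross Site Scripting found in the user creation and new page creation forms" is missing its noun; suggest "a number of Cross Site Scripting (XSS) issues found in ...". The hunk also removes the "Not Public Yet - RHT+eXo" warning around links to JBEPP-598, JBEPP-847, JBEPP-997, JBEPP-914 and JBEPP-365, so confirm each of those issues is cleared for publication before this builds. The empty `<title></title>` on the variablelist is still present in the context lines and can be removed.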
@@ -420,14 +419,9 @@
<varlistentry>
<term><ulink
url="https://issues.jboss.org/browse/JBEPP-597" /></term>
<listitem>
-
-
- <warning>
- <title>Not Public Yet - RHT+eXo</title>
<para>
The name of a dashboard page entered by user was not properly
encoded before being returned on the web browser. This allowed javascript snippets to be
executed when creating a new page through the Portal Dashboard. The name of the page is
now properly HTML encoded before being returned and javascript is no longer invoked when
entered into page fields.
</para>
- </warning>
</listitem>
</varlistentry>
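Review bot: With the warning wrapper removed, the JBEPP-597 entry still uses a bare ulink as its term, while the entry before it was just given the descriptive term "XSS Issues"; give this one a descriptive term as well so the two entries read consistently. The paragraph would also read better as "entered by a user" and "returned to the web browser". Removing "Not Public Yet - RHT+eXo" needs the same clearance check for JBEPP-597.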
@@ -435,16 +429,13 @@
<term><ulink
url="https://issues.jboss.org/browse/JBEPP-881" /></term>
<listitem>
<!-- Added on advice from Dave Jorm in the security team -->
-
- <warning>
- <title>Not Public Yet - RHT+eXo</title>
+
<para>
It was found that JBoss Seam 2 did not properly block access
to JBoss Expression Language (EL) constructs in page exception handling, allowing
arbitrary Java methods to be executed. A remote attacker could use this flaw to execute
arbitrary code via a specially-crafted URL provided to certain applications based on the
JBoss Seam 2 framework.
</para>
<para>
This issue has been fixed in JBoss Enterprise Application
Platform version 5.1.1, which is incorporated in this release of JBoss Enterprise Portal
Platform.
</para>
- </warning>
</listitem>
</varlistentry>
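Review bot: The JBEPP-881 entry describes arbitrary code execution through JBoss Seam 2 but, as shown, names no CVE identifier, and its term is only the JIRA link. Revision_History.xml in this same commit records "Added CVE-2011-1484 to Security section"; if that refers to this entry, cite the identifier in the paragraph so readers can match it to the advisory. The `+` line that replaces the removed blank line and warning opening contains only whitespace and can be dropped.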
Modified: epp/docs/branches/5.1/Release_Notes/en-US/Book_Info.xml
===================================================================
--- epp/docs/branches/5.1/Release_Notes/en-US/Book_Info.xml 2011-08-11 10:54:22 UTC (rev
7052)
+++ epp/docs/branches/5.1/Release_Notes/en-US/Book_Info.xml 2011-08-12 03:40:34 UTC (rev
7053)
@@ -9,7 +9,7 @@
<productname>JBoss Enterprise Portal Platform</productname>
<productnumber>5.1</productnumber>
<edition>2.1</edition>
- <pubsnumber>5.1.6</pubsnumber>
+ <pubsnumber>5.1.8</pubsnumber>
<abstract>
<para>
These release notes contain important information related to JBoss Enterprise
Portal Platform &VX; that may not be currently available in the Product Manuals. You
should read these Release Notes in their entirety before installing the product.
Modified: epp/docs/branches/5.1/Release_Notes/en-US/Revision_History.xml
===================================================================
--- epp/docs/branches/5.1/Release_Notes/en-US/Revision_History.xml 2011-08-11 10:54:22 UTC
(rev 7052)
+++ epp/docs/branches/5.1/Release_Notes/en-US/Revision_History.xml 2011-08-12 03:40:34 UTC
(rev 7053)
@@ -8,7 +8,21 @@
<simpara>
<revhistory>
<revision>
- <revnumber>2.1-5.1.6</revnumber>
+ <revnumber>2.1-5.1.8</revnumber>
+ <date>Fri Aug 12 2011</date>
+ <author>
+ <firstname>Scott</firstname>
+ <surname>Mumford</surname>
+ <email></email>
+ </author>
+ <revdescription>
+ <simplelist>
+ <member>Prepared for 5.1.1 release.</member>
+ </simplelist>
+ </revdescription>
+ </revision>
+ <revision>
+ <revnumber>2.1-5.1.7</revnumber>
<date>Wed Aug 10 2011</date>
<author>
<firstname>Scott</firstname>
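Review bot: The existing Wed Aug 10 2011 entry is renumbered from 2.1-5.1.6 to 2.1-5.1.7 by this hunk, which changes the number of a revision that already existed, while Book_Info.xml moves pubsnumber from 5.1.6 straight to 5.1.8. If 5.1.6 was ever built or published, keep that entry as 2.1-5.1.6 and number the new entry to follow it. The new entry also adds an empty `<email></email>`; fill it in or leave the element out.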
@@ -17,12 +31,12 @@
</author>
<revdescription>
<simplelist>
- <member>Added CVE-2011-1484 to Securty
section.</member>
- <member>Corrected minor typographicl
errors.</member>
+ <member>Added CVE-2011-1484 to Security
section.</member>
+ <member>Corrected minor typographical
errors.</member>
</simplelist>
</revdescription>
</revision>
- <revision>
+ <!--<revision>
<revnumber>2.1-5.1.4</revnumber>
<date>Tue Aug 9 2011</date>
<author>
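Review bot: The `<!--<revision>` added in front of the 2.1-5.1.4 entry is closed only by `</revision> -->` two hunks further down, so every revision entry in between disappears from the built history. A revision history normally keeps its earlier entries; if they really are to go, delete them rather than comment them out, and check that no `--` occurs inside the commented span. The two spelling corrections in this hunk ("Security", "typographical") are fine.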
@@ -50,7 +64,7 @@
<member>Updated to incorporate further bug
fixes.</member>
</simplelist>
</revdescription>
- </revision>
+ </revision>
<revision>
<revnumber>2.1-5.1.2</revnumber>
<date>Mon Jul 11 2011</date>
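Review bot: The removed and added `</revision>` lines in this hunk differ only in whitespace. Revert the line so the hunk drops out of the change and the diff shows only intended edits.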
@@ -78,7 +92,7 @@
<member>Updated for 5.1.1 Release.</member>
</simplelist>
</revdescription>
- </revision>
+ </revision> -->
<revision>
<revnumber>1-1.3</revnumber>
<date>Thu Jun 02 2011</date>
Modified: epp/docs/branches/5.1/Release_Notes/en-US/known_issues.xml
===================================================================
--- epp/docs/branches/5.1/Release_Notes/en-US/known_issues.xml 2011-08-11 10:54:22 UTC
(rev 7052)
+++ epp/docs/branches/5.1/Release_Notes/en-US/known_issues.xml 2011-08-12 03:40:34 UTC
(rev 7053)
@@ -10,7 +10,7 @@
<term><ulink type="http"
url="https://issues.jboss.org/browse/JBEPP-927"></ulink&g...
<listitem>
<para>
- Administrators and users should be aware that adding a gadget to any
portal page other than the dashboard, will result in any user set preferences or
modifications (adding entries to the TODO gadget, for example) <emphasis
role="bold">not</emphasis> being saved in a persistant manner.
+ Administrators and users should be aware that adding a gadget to any
portal page other than the dashboard, will result in any user set preferences or
modifications (adding entries to the TODO gadget, for example) <emphasis
role="bold">not</emphasis> being saved in a persistent manner.
</para>
<para>
This limitation will be corrected in a later version of JBoss
Enterprise Portal Platform.
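Review bot: The changed sentence still has a stray comma after "dashboard" and an unhyphenated "user set preferences", which make it hard to parse now that "persistent" is corrected. Suggest "adding a gadget to any portal page other than the dashboard will result in any user-set preferences or modifications ... not being saved in a persistent manner".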
Modified: epp/docs/branches/5.1/Release_Notes/en-US/need_info.xml
===================================================================
--- epp/docs/branches/5.1/Release_Notes/en-US/need_info.xml 2011-08-11 10:54:22 UTC (rev
7052)
+++ epp/docs/branches/5.1/Release_Notes/en-US/need_info.xml 2011-08-12 03:40:34 UTC (rev
7053)
@@ -5,34 +5,6 @@
<variablelist>
- <!--
https://issues.jboss.org/browse/JBEPP-764 -->
- <varlistentry>
- <term><ulink
url="https://issues.jboss.org/browse/JBEPP-764"
/></term>
- <listitem>
-
-
- <para>
- To isolate multiple clusters running on the same network, the JBoss Cache and
JGroups configuration files used in JBoss Enterprise Portal Platform have been updated to
include partition name (-g) and multicast address (-u) properties used in JBoss Enterprise
Application Platform.
- </para>
-
- </listitem>
- </varlistentry>
-
- <!--
https://issues.jboss.org/browse/JBEPP-811 -->
- <varlistentry>
- <term><ulink
url="https://issues.jboss.org/browse/JBEPP-811"
/></term>
- <listitem>
-
-
- <para>
- Some caching and overwriting issues have been encountered when more than one
portal user attempts to manipulate the same portal resource concurrently (by editing the
same page at the same time, for example).
-
-This release of JBoss Enterprise Portal Platform includes multiple patches designed to
mitigate the issue somewhat. However, this is a complex issue and further development will
be required in later iterations to resolve it completely.
- </para>
-
- </listitem>
- </varlistentry>
-
<!--
https://issues.jboss.org/browse/JBEPP-874 -->
<varlistentry>
<term><ulink
url="https://issues.jboss.org/browse/JBEPP-874"
/></term>
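Review bot: need_info.xml is edited here, yet the only include of it shown in this commit, in 5.1.1_Release_Notes.xml, now sits inside the commented-out NEEDINFO section. The entries left in the file, starting with JBEPP-874, will therefore not appear in the built notes. Confirm they are meant to be dropped, or move them to the file where they belong as was done for JBEPP-764 and JBEPP-811.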
Modified: epp/docs/branches/5.1/Release_Notes/en-US/resolved_issues.xml
===================================================================
--- epp/docs/branches/5.1/Release_Notes/en-US/resolved_issues.xml 2011-08-11 10:54:22 UTC
(rev 7052)
+++ epp/docs/branches/5.1/Release_Notes/en-US/resolved_issues.xml 2011-08-12 03:40:34 UTC
(rev 7053)
@@ -86,6 +86,19 @@
</listitem>
</varlistentry>
+ <!--
https://issues.jboss.org/browse/JBEPP-764 -->
+ <varlistentry>
+ <term><ulink
url="https://issues.jboss.org/browse/JBEPP-764"
/></term>
+ <listitem>
+
+
+ <para>
+ To isolate multiple clusters running on the same network, the JBoss Cache and
JGroups configuration files used in JBoss Enterprise Portal Platform have been updated to
include <emphasis role="bold">partition name</emphasis> and
<emphasis role="bold">multicast address</emphasis> properties.
+ </para>
+
+ </listitem>
+ </varlistentry>
+
<!--
https://issues.jboss.org/browse/JBEPP-768 -->
<varlistentry>
<term><ulink
url="https://issues.jboss.org/browse/JBEPP-768"
/></term>
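Review bot: The JBEPP-764 paragraph added here drops the "(-g)" and "(-u)" identifiers that the need_info.xml version of the same text carried, leaving "partition name" and "multicast address" with nothing to tell an administrator what to set. Cluster isolation depends on those values actually being set per cluster, so keep the identifiers, for example "partition name (-g)" and "multicast address (-u)", and consider marking them up as options rather than bold emphasis.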
@@ -203,7 +216,23 @@
</listitem>
</varlistentry>
-
+
+ <!--
https://issues.jboss.org/browse/JBEPP-811 -->
+ <varlistentry>
+ <term><ulink
url="https://issues.jboss.org/browse/JBEPP-811"
/></term>
+ <listitem>
+
+
+ <para>
+ A race condition encountered when more than one portal user attempts to
create a page at the same time has been addressed in this release. The issue presented if
two pages were created simultaneously, with one process finishing slightly after the first
but before the first process had redirected to the new page. This scenario would result in
the second page overwriting the first.
+ </para>
+ <para>
+ Patches which resolve the page creation issue have been applied to this
release. However, further development will be required in later iterations to resolve
concurrency issues completely.
+ </para>
+
+ </listitem>
+ </varlistentry>
+
<!--
https://issues.jboss.org/browse/JBEPP-813 -->
<varlistentry>
<term><ulink
url="https://issues.jboss.org/browse/JBEPP-813"
/></term>
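Review bot: In the new JBEPP-811 paragraph, "with one process finishing slightly after the first but before the first process had redirected to the new page" introduces "one process" and "the first" without saying which is which. Suggest "with the second process finishing slightly after the first, but before the first had redirected to the new page". "The issue presented if" would read better as "The issue occurred if", and the blank-line pair at the top of the hunk is a whitespace-only change that can be reverted.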
@@ -367,7 +396,7 @@
<para>
- The JCR cache configuration files in JBoss Enterprise Portal Platform 5.1.1 have
been moved from the
/JBOSS_HOME/server/PROFILE/deploy/gatein.ear/lib/exo.portal.component.common-&lt;version&gt;.jar
to /JBOSS_HOME/server/PROFILE/deploy/gatein.ear/02portal.war/WEB-INF/conf/.
+ The JCR cache configuration files in JBoss Enterprise Portal Platform 5.1.1 have
been moved from the
/JBOSS_HOME/server/PROFILE/deploy/gatein.ear/lib/exo.portal.component.common-<version>.jar
to /JBOSS_HOME/server/PROFILE/deploy/gatein.ear/02portal.war/WEB-INF/conf/.
</para>
<para>
This change created problems when attempting to start upgraded versions of
JBoss Enterprise Portal Platform that had the original file path stored in the JCR_CONFIG
table in the database. To resolve the issue, duplicates of the configuration files have
been retained in the original location. This also ensures backward compatibility, without
the need to change the database.
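Review bot: The added path line shows a literal `<version>` inside the `<para>`, where the removed line had an escaped form. If the file really contains an unescaped `<version>`, the parser reads it as the start tag of an unknown, unclosed element and the build fails validation. Keep the angle brackets escaped as character entities, or mark the placeholder up as `<replaceable>version</replaceable>`, and consider wrapping both paths in `<filename>`.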
Modified: epp/docs/branches/5.1/Release_Notes/publican.cfg
===================================================================
--- epp/docs/branches/5.1/Release_Notes/publican.cfg 2011-08-11 10:54:22 UTC (rev 7052)
+++ epp/docs/branches/5.1/Release_Notes/publican.cfg 2011-08-12 03:40:34 UTC (rev 7053)
@@ -4,7 +4,7 @@
debug: 1
xml_lang: en-US
brand: JBoss
-show_remarks: 1
+#show_remarks: 1
cvs_branch: DOCS-RHEL-6
cvs_root: :ext:cvs.devel.redhat.com:/cvs/dist
cvs_pkg: JBoss_Enterprise_Portal_Platform-5.1.1_Release_Notes-5.1-web-__LANG__
\ No newline at end of file
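Review bot: `show_remarks` is commented out rather than removed or set to 0, which leaves it one keystroke away from exposing the `<remark>` titles again in a release build; remove the line or set it explicitly. `debug: 1` is still on in the context lines of a configuration being prepared for release, so check whether that is intended. The file also still ends without a trailing newline.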