Author: tn
Date: Sat Nov 14 14:16:00 2015
New Revision: 1714331
URL: http://svn.apache.org/viewvc?rev=1714331&view=rev
Log:
Update 3.2.2 release notes site + add link to release notes in navigation.
Modified:
commons/proper/collections/trunk/src/site/site.xml
commons/proper/collections/trunk/src/site/xdoc/release_3_2_2.xml
Modified: commons/proper/collections/trunk/src/site/site.xml
URL:
http://svn.apache.org/viewvc/commons/proper/collections/trunk/src/site/site.xml?rev=1714331&r1=1714330&r2=1714331&view=diff
==============================================================================
--- commons/proper/collections/trunk/src/site/site.xml (original)
+++ commons/proper/collections/trunk/src/site/site.xml Sat Nov 14 14:16:00 2015
@@ -29,6 +29,7 @@
<item name="Users guide" href="/userguide.html"/>
<item name="History" href="/history.html"/>
<item name="Release Notes v4.0" href="/release_4_0.html"/>
+ <item name="Release Notes v3.2.2" href="/release_3_2_2.html"/>
<item name="Javadoc v4.1"
href="/javadocs/api-release/index.html"/>
<item name="Javadoc v4.0"
href="/javadocs/api-4.0/index.html"/>
<item name="Javadoc v3.2.2"
href="/javadocs/api-3.2.2/index.html"/>
Modified: commons/proper/collections/trunk/src/site/xdoc/release_3_2_2.xml
URL:
http://svn.apache.org/viewvc/commons/proper/collections/trunk/src/site/xdoc/release_3_2_2.xml?rev=1714331&r1=1714330&r2=1714331&view=diff
==============================================================================
--- commons/proper/collections/trunk/src/site/xdoc/release_3_2_2.xml (original)
+++ commons/proper/collections/trunk/src/site/xdoc/release_3_2_2.xml Sat Nov 14
14:16:00 2015
@@ -30,10 +30,18 @@ These are the release notes for Commons
<p>
Commons collections is a project to develop and maintain collection classes
based on and inspired by the JDK collection framework.
-This project is JDK 1.2 compatible, and does not use JDK 1.5 generics.
+This project is JDK 1.3 compatible, and does not use JDK 1.5 generics.
</p>
<p>
-This v3.2.2 release is a security and bug fix release.
+This v3.2.2 release is a bugfix release, fixing several bugs present in the
previous
+releases of the 3.2 branch. Additionally, this release provides a mitigation
for a
+known remote code exploitation via the standard java object serialization
mechanism.
+By default, serialization support for unsafe classes in the functor package is
+disabled and will result in an exception when either trying to serialize or
de-serialize
+an instance of these classes. For more details, please refer to
COLLECTIONS-580.
+</p>
+<p>
+All users are strongly encouraged to updated to this release.
</p>
<hr />
@@ -42,8 +50,98 @@ This v3.2.2 release is a security and bu
This release is fully source and binary compatible with v3.2. For changes
since the
v3.1 see the <a href="release_3_2.html">v3.2 Release Notes</a>. Note that the
method
'protected java.util.Set createSetBasedOnList(java.util.Set, java.util.List)'
has been
-added
+added.
</p>
+
+<center><h3>Changes</h3></center>
+<table>
+<tr>
+ <td>COLLECTIONS-580</td>
+ <td>Serialization support for unsafe classes in the functor package is
+ disabled by default as this can be exploited for remote code execution
+ attacks. To re-enable the feature the system property
+ "org.apache.commons.collections.enableUnsafeSerialization" needs to be
set to "true".
+ Classes considered to be unsafe are: CloneTransformer, ForClosure,
+ InstantiateFactory, InstantiateTransformer, InvokerTransformer,
+ PrototypeCloneFactory, PrototypeSerializationFactory, WhileClosure.</td>
+</tr>
+</table>
+
+<center><h3>Bugfixes</h3></center>
+<table>
+<tr>
+ <td>COLLECTIONS-538</td>
+ <td>"ExtendedProperties" will now use a privileged action to access the
"file.separator" system property.
+ In case the class does not have permission to read system properties, the
"File#separator" field will
+ be used instead. Thanks to Trejkaz.</td>
+</tr>
+<tr>
+ <td>COLLECTIONS-447</td>
+ <td>Tree traversal with a TreeListIterator will not be affected anymore by
+ the removal of an element directly after a call to previous(). Thanks to
Jeffrey Barnes.</td>
+</tr>
+<tr>
+ <td>COLLECTIONS-444</td>
+ <td>SetUniqueList.set(int, Object) now works correctly if the object to be
inserted
+ is already placed at the given position. Thanks to Thomas Vahrst, John
Vasileff.</td>
+</tr>
+<tr>
+ <td>COLLECTIONS-350</td>
+ <td>Removed debug output in "MapUtils#getNumber(Map)". Thanks to Michael
Akerman.</td>
+</tr>
+<tr>
+ <td>COLLECTIONS-335</td>
+ <td>Fixed cache assignment for "TreeBidiMap#entrySet". Thanks to sebb.</td>
+</tr>
+<tr>
+ <td>COLLECTIONS-334</td>
+ <td>Synchronized access to lock in "StaticBucketMap#size()". Thanks to
sebb.</td>
+</tr>
+<tr>
+ <td>COLLECTIONS-307</td>
+ <td>"SetUniqueList#subList()#contains(Object)" will now correctly check the
subList
+ rather than the parent list. Thanks to Christian Semrau.</td>
+</tr>
+<tr>
+ <td>COLLECTIONS-304</td>
+ <td>"SetUniqueList#set(int, Object)" will now correctly enforce the
uniqueness constraint.
+ Thanks to Rafa? Figas,Bjorn Townsend.</td>
+</tr>
+<tr>
+ <td>COLLECTIONS-294</td>
+ <td>"CaseInsensitiveMap" will now convert input strings to lower-case in a
+ locale-independent manner. Thanks to Benjamin Bentmann.</td>
+</tr>
+<tr>
+ <td>COLLECTIONS-266</td>
+ <td>"MultiKey" will now be correctly serialized/de-serialized. Thanks to
Joerg Schaible.</td>
+</tr>
+<tr>
+ <td>COLLECTIONS-261</td>
+ <td>"Flat3Map#remove(Object)" will now return the correct value mapped to the
removed key
+ if the size of the map is less or equal 3. Thanks to ori.</td>
+</tr>
+<tr>
+ <td>COLLECTIONS-249</td>
+ <td>"SetUniqueList.addAll(int, Collection)" now correctly add the collection
at the
+ provided index. Thanks to Joe Kelly.</td>
+</tr>
+<tr>
+ <td>COLLECTIONS-228</td>
+ <td>"MultiValueMap#put(Object, Object)" and "MultiValueMap#putAll(Object,
Collection)"
+ now correctly return if the map has changed by this operation.</td>
+</tr>
+<tr>
+ <td>COLLECTIONS-219</td>
+ <td>"CollectionUtils#removeAll" wrongly called "ListUtils#retainAll". Thanks
to Tom Leccese.</td>
+</tr>
+<tr>
+ <td>COLLECTIONS-217</td>
+ <td>Calling "setValue(Object)" on any Entry returned by a "Flat3Map" will now
+ correctly set the value for the current entry. Thanks to Matt Bishop.</td>
+</tr>
+</table>
+
</section>
</body>
