-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 All,
This claims that these changes are being added in 9.0.30 which is only partially correct. Some of these changes were made in 9.0.29 which is currently under release-vote. I wasn't sure how everyone felt about me changing the changelog for a release that is already kind of "fixed". I"m happy to do any of the following: a. Ignore the oversight; leave the items in the changelog for 9.0.30 b. Split the items into 9.0.29 and 9.0.30 to reflect reality c. Make a note in 9.0.30 changelog that some items were really done in 9.0.29 The same will be true for the 8.5.x release. I have not yet back-ported these changes and want to make sure that I do things "properly". Thanks, - -chris On 11/19/19 12:32, schu...@apache.org wrote: > This is an automated email from the ASF dual-hosted git > repository. > > schultz pushed a commit to branch master in repository > https://gitbox.apache.org/repos/asf/tomcat.git > > > The following commit(s) were added to refs/heads/master by this > push: new decb12b Add missing changelog for CSRF prevention filter > changes. decb12b is described below > > commit decb12be68b2fc93284b0b8cc44fb53a16110eb0 Author: Christopher > Schultz <ch...@christopherschultz.net> AuthorDate: Tue Nov 19 > 12:31:56 2019 -0500 > > Add missing changelog for CSRF prevention filter changes. --- > webapps/docs/changelog.xml | 5 +++++ 1 file changed, 5 > insertions(+) > > diff --git a/webapps/docs/changelog.xml > b/webapps/docs/changelog.xml index a0915f9..42dbde9 100644 --- > a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ > -51,6 +51,11 @@ Fix the broken re-try link on the error page for > the FORM authentication example in the JSP section of the examples > web application. (markt) </fix> + <add> + Improvements > to CsrfPreventionFilter including additional + logging and > making the latest nonce available in the request + > attributes. (schultz) + </add> </changelog> </subsection> > </section> > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl3UJ9wACgkQHPApP6U8 pFh4GA/9H/bJjB+bWDYxMtYIpWJ34E3A7Bm4fcUOXCQKdcrkoNSPLKWpvM6CXrlc UA4j10vkCj9urwQQDCNdoQwhANDb7PRu85iV5usrqC1Eic+8Clp+JZeV1zk4MFEc 5zTXUPE1U2nXyfphwK0oKAXbXZJYtv4H8XMToHoCRegOFjpmPinW/UnzFZZ+rfSI 60/QTuCVe4PQ5sjYTcc2S/V3kRYFgFO80GI3fm38MLUGSOfZQJLS6nFqhKgV0112 vxbBrRQqrYTLOcgCzSNhHhlWbe1i4mwUblGbAKCamg9bHYIiOje798fKfKcRT2zA jkuKjako7C/A7Cr22iiRZgWwtSS4qn97SVNW5KeKJvzEbVb5MmPG5b782glL/u1F NCica+XZhCeO/jes3CC3Vs/fPJ/ZwwZgDVUAXGSZjZZ+VYOzoEnva1IbcTIZ0g7a uMDtzHxG1QxSHLWE6bmAQvBHop2bc5X5y0C88MaLKTiKGYnENpsRm+RXwYXqR6tY /Wm0yK16cep9JvLhtLpKJa1HvDIpHFBCp2aXSmb9BbGD2JBkscTY1JM9ZaBZSiTB oYPcQChlmxkzbmc559ufi1GoDDtlPFxxKpg7HYhTjBn/6A3U0DN6US0A3DM2pXMk emmEFy7PRTq38D8HIc9JfYE77e90KNOn3STBUtboC2EYgQ7sl6M= =C2Dq -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
