apache > lenya
 
 
PDF -icon
PDF

History of Changes

RSS

Introduction and explanation of symbols

Changes are sorted by "{0}" and thentype chronologically with the most recent at the top. These symbols denote the various action types:add=add, remove=remove, update=update

Version 2007-08 ()

1.2

  • update[1.2] Adding upload feature to neutron usecase. Thanks to Thomas Comiotto Diff Committed by jann.
  • update[1.2] link and typo fixed Diff Committed by michi.

2.0

  • add[2.0] moved login/logout usecase views from ac to acusecases module, where the java part is already. changed xconfs accordingly Diff Committed by nettings.
  • add[2.0] Moved UUIDGenerator service from impl to api Diff Committed by andreas.
  • add[2.0] Added SourceNodeRcmlFactory which creates per-URI singleton RCML objects (forgot in last commit) Diff Committed by andreas.
  • add[2.0] Moving SSL handling from OutgoingLinkRewriter to SslRedirectAction (much better performance) Diff Committed by andreas.
  • add[2.0] Introduce Persistable interface. This allows to save complex objects (meta data, site tree) only once before the session is committed. Optimistic usecases lock their nodes before the usecase is executed (see bug 43136). Diff Committed by andreas.
  • add[2.0] Added menu module, e.g. for asynchronous menu loading Diff Committed by andreas.
  • add[2.0] Bug 42558 lenya.properties.xml per publication. Patch submitted by Markus Angst. Thank you very much Markus. Adding example to the default pub. Diff Committed by thorsten.
  • add[2.0] Added tee transformer and simple load test to development module Diff Committed by andreas.
  • remove[2.0] svn merge -r 562961:562875 https://svn.apache.org/repos/asf/lenya/trunk undo accidental commit - apologies for the noise. Diff Committed by nettings.
  • remove[2.0] removed unused search usecase view from usecase module Diff Committed by nettings.
  • remove[2.0] removed unused stylesheet from core. it apparently converted the output of the directory generator to a webDAV propfind reply. the webdav module implements the same functionality with its webdav.propfind usecase. Diff Committed by nettings.
  • update[2.0] Correctly retrieves list of preceding siblings now. Can now move node up to top position in a substree. Diff Committed by rfrovarp.
  • update[2.0] tried to clarify javadocs, please review! Diff Committed by nettings.
  • update[2.0] [minor change] removed unused import, fixed special character issue Diff Committed by andreas.
  • update[2.0] javadocs additions Diff Committed by nettings.
  • update[2.0] Revisions usecase: Removed NPE workaround, use parameter for workflow event Diff Committed by andreas.
  • update[2.0] Simplified and cleaned up revision control code. The SourceNodeRCML doesn't write to the real source anymore. This is part of the fix for bug 42937. Diff Committed by andreas.
  • update[2.0] Form editors: add check if source document is null (more robust when running web tests) Diff Committed by andreas.
  • update[2.0] Use LinkedHashMap to preserve resource type sample order. This fixes bug 42942. Diff Committed by andreas.
  • update[2.0] Prevent backspace key as back in the two forms editors. Diff Committed by rfrovarp.
  • update[2.0] tinymce now also uses richard's backspace catcher, for consistency with the other editors. Diff Committed by nettings.
  • update[2.0] removed unused parameter "requestURI" from UsecaseAuthorizer interface fixed UsecaseAuthorizerImpl and external occurrences accordingly cleaned up UsecaseAuthorizerImpl: * made helper functions private, since they are not part of any interface, and an "Impl" should not add to the externally visible API. * removed duplicate javadocs, added @see to interface docs Diff Committed by nettings.
  • update[2.0] missed one public helper method in the last commit... Diff Committed by nettings.
  • update[2.0] reordered properties and methods. no functional change. Diff Committed by nettings.
  • update[2.0] made getConfiguration() private. that's all for now.. :) Diff Committed by nettings.
  • update[2.0] rearranged methods and properties. no functional change. Diff Committed by nettings.
  • update[2.0] removed private helper functions, moved code into public interface method. Diff Committed by nettings.
  • update[2.0] javadoc additions. Diff Committed by nettings.
  • update[2.0] move UsecaseAuthorizer, impl and helper classes from usecase to ac module to avoid circular dependencies create new usecase ac.visit change PolicyAuthorizer to check ac.visit permission for each requested page add usecase policy to default: ac.visit will be granted to editors, admins and reviewers (basically restoring the old implicit behaviour, but now in a clean and obvious way without opening security holes) WARNING: this is a proof-of-concept code that touches security-critical infrastructure. it will compile and has been tested briefly. there has been NO SECURITY AUDIT of any kind. the whole shebang may be utter bogus - it's here as a discussion item. Diff Committed by nettings.
  • update[2.0] no functional changes. removed erroneous comments from xpatch files. whitenoise. Diff Committed by nettings.
  • update[2.0] added deprecation note (file remains for now as it's being used by kupu and bxe) Diff Committed by nettings.
  • update[2.0] fix internal-only setting. it was wrongly attached to a matcher instead of the pipeline... Diff Committed by nettings.
  • update[2.0] removed unused SourceResolver. no functional change. Diff Committed by nettings.
  • update[2.0] added some comments. there is a (to me) totally mysterious conditional regarding the source of the usecase policy configuration. if you know your way around this piece of code, could you please chuck out my FIXME: comments and add some clarification? thanks. Diff Committed by nettings.
  • update[2.0] grouped properties by scope at the top. no functional changes. Diff Committed by nettings.
  • update[2.0] UsecaseAuthorizerImpl: Removed unused code, updated javadocs Diff Committed by andreas.
  • update[2.0] Fixes issue with the script eating backspaces in the editing area. Thanks to Jörn for reporting. Diff Committed by rfrovarp.
  • update[2.0] Removed debugging code. Diff Committed by rfrovarp.
  • update[2.0] Fixes bug 43064. Thanks to Markus Angst for the bug report and patch. Diff Committed by rfrovarp.
  • update[2.0] Don't create continuation if usecase preconditions failed. This avoids the 'no transition for event checkExecutionConditions in state start' errors. Diff Committed by andreas.
  • update[2.0] Send notification message if a document could not be indexed (temporary workaround for bug 42510 until we have an indexing queue) Diff Committed by andreas.
  • update[2.0] Create continuation for usecase if preconditions failed, but don't advance/execute. Diff Committed by andreas.
  • update[2.0] Refactored revision control: clean up XML reading+writing. RCML objects are now singletons per source URI. This allows to synchronize access per RCML object, avoiding synchronization issues which occured when running load tests. UnitOfWork.commit() and rollback() are now synchronized via the class object to avoid inter-usecase commit synchronization issues (also occured during load tests). Diff Committed by andreas.
  • update[2.0] Updating load test after changes to usecase flowscript Diff Committed by andreas.
  • update[2.0] Removed method Node.getRcml() for safety reasons. This lead to the removal of the revision controller class and some refactorings. Diff Committed by andreas.
  • update[2.0] Added usecase to force the check-in of documents. Diff Committed by andreas.
  • update[2.0] Fixed revision control issue: Don't consider only backup entries when checking for the last modified version. Diff Committed by andreas.
  • update[2.0] Added method AbstractUsecase.prepareView() and use it in ForceCheckIn usecase. Diff Committed by andreas.
  • update[2.0] Removed PolicyAuthorizer, moved role resolving to DefaultAccessController Diff Committed by andreas.
  • update[2.0] Extend the UsecaseAuthorizerImpl to check the page access. This is done by a ac.visit pseudo-usecase. For more info, see bug 42952. Thanks a lot to Joern Nettingsmeier for the patch (I applied it because it depended on some changes to the role resolving). Diff Committed by andreas.
  • update[2.0] Log error message when indexing failed. Diff Committed by andreas.
  • update[2.0] Fixed javadoc error, synchronize lock method in SourceNode Diff Committed by andreas.
  • update[2.0] Avoid NPE in force check-in usecase Diff Committed by andreas.
  • update[2.0] Introduced global transaction lock Diff Committed by andreas.
  • update[2.0] Removed unnecessary lock check Diff Committed by andreas.
  • update[2.0] Use revision history for last modification date in source nodes, more accurate than file system Diff Committed by andreas.
  • update[2.0] Removed unnecessary modification check from site tree (handled by transaction) Diff Committed by andreas.
  • update[2.0] added note to readme about removal of policy authorizer, since it requires changes to custom publications. Diff Committed by nettings.
  • update[2.0] Load site structure for area every time it is requested to avoid stale site objects Diff Committed by andreas.
  • update[2.0] Advance state machine in AbstractUsecase after corresponding method succeeded Diff Committed by andreas.
  • update[2.0] Remove unnecessary session selection code from sitetree implementation Diff Committed by andreas.
  • update[2.0] Added transition check for AbstractUsecase methods Diff Committed by andreas.
  • update[2.0] [minor change] improved error message Diff Committed by andreas.
  • update[2.0] [refactoring] better code re-use in DocumentFactoryImpl Diff Committed by andreas.
  • update[2.0] [minor change] removed unused import Diff Committed by andreas.
  • update[2.0] [minor change] removed unused import Diff Committed by andreas.
  • update[2.0] Moved transaction locking from UnitOfWorkImpl to SessionImpl Diff Committed by andreas.
  • update[2.0] Use more readable XML format for RCML files Diff Committed by andreas.
  • update[2.0] Improved load test Diff Committed by andreas.
  • update[2.0] resource type configuration cleanup part 1: <sample-name>foo://bar</sample-name> becomes <sample uri="foo://bar"/> Diff Committed by nettings.
  • update[2.0] resource type configuration cleanup part 2: <schema src="foo://bar.rng" language="http://relaxng.org/ns/structure/0.9"/> becomes <schema uri="foo://bar.rng" namespace="http://relaxng.org/ns/structure/0.9"/> Diff Committed by nettings.
  • update[2.0] whitenoise, reorganized source code. no functional change. Diff Committed by nettings.
  • update[2.0] whitenoise, rearranged class properties. FIXME: what is the "synchronized" attribute in workflow transitions? looks like dead code, because it's not in the default pub, and the validation schema does not even mention it... Diff Committed by nettings.
  • update[2.0] removed unused workflow validation xsd. ported xsd to rng, it is now applied during build. this change requires the xsi:schemaLocation attribute to be removed from custom workflow declarations. fixes bug http://issues.apache.org/bugzilla/show_bug.cgi?id=42351 Diff Committed by nettings.
  • update[2.0] Add method to resolve links without providing a start document Diff Committed by andreas.
  • update[2.0] UuidToUrlTransformer: handle non-document start URLs Diff Committed by andreas.
  • update[2.0] Provide language parameter in sitetree links to avoid the failing of the UuidToUrlTransformer Diff Committed by andreas.
  • update[2.0] Removed unused variable. Diff Committed by rfrovarp.
  • update[2.0] Removed unused variable. Diff Committed by rfrovarp.
  • update[2.0] Fix potential NPE Diff Committed by rfrovarp.
  • update[2.0] Make public static field immutable Diff Committed by rfrovarp.
  • update[2.0] Cleaned up debugging message. Include name of IP range in error message instead of null. Diff Committed by rfrovarp.
  • update[2.0] Fixed up string equality issues. Diff Committed by rfrovarp.
  • update[2.0] Cleans up the look of the insert link display. Wraps the form inside of the standard box that is used everywhere else. Also goes back to the side by side layout. Can easily be changed to top to bottom if desired. Most of the changes are formatting as a result of the added divs. Thanks to Jonathan Albers for the help. Diff Committed by rfrovarp.
  • update[2.0] Now looks like all the other create usecases: no menu, wrapped in the standard usecase template. Diff Committed by rfrovarp.
  • update[2.0] Allow those with edit permission to cut and copy. They already can create, delete, nudge, and paste. Diff Committed by rfrovarp.
  • update[2.0] DateFormat is NOT thread safe. To be so it must be externally synchronized. I don't see any benefit, so I've just removed the static. Diff Committed by rfrovarp.
  • update[2.0] Re-added newVersion parameter to RCML Diff Committed by andreas.
  • update[2.0] Don't store DocumentFactory instance in PublicationFactory, this seemed to cause trouble (see bug 43110) Diff Committed by andreas.
  • update[2.0] Don't store DocumentFactory instance in PublicationFactory, this seemed to cause trouble (see bug 43110) Diff Committed by andreas.
  • update[2.0] LanguageExistsAction: code simplification, javadoc cleanup Diff Committed by andreas.
  • update[2.0] Added RepositoryItem.getSession(), removed NodeFactory.setSession() Diff Committed by andreas.
  • update[2.0] Should be start() instead of run(). Unless the code is supposed to run in the current thread, but at that point creating the thread is pointless. Diff Committed by rfrovarp.
  • update[2.0] Now releases lock while waiting for indexer to be released. Diff Committed by rfrovarp.
  • update[2.0] Make sure only one thread is getting to the DateFormat object at a time. Diff Committed by rfrovarp.
  • update[2.0] Fixed equal objects must have equal hash codes problem. Diff Committed by rfrovarp.
  • update[2.0] Prevent NPE in final handleError() method. Diff Committed by rfrovarp.
  • update[2.0] getAttributeNS() will never return null. It will return an empty string if the lookup fails, so I believe this is correct. The non-short circuiting or is confusing and I don't see the reason for it here. Change them back if I'm wrong. Diff Committed by rfrovarp.
  • update[2.0] Removed new String() so that strings can be interned, removed toString() on strings, converted new Boolean to Boolean.valueOf() to use interned value. Diff Committed by rfrovarp.
  • update[2.0] Removed unused variables and redundant null checks and imports as necessary. Diff Committed by rfrovarp.
  • update[2.0] Reverting r565787. Turns out it must run in the current thread for now. Diff Committed by rfrovarp.
  • update[2.0] Use StringTokenizer instead of String.split() for performance reasons Diff Committed by andreas.
  • update[2.0] Refactoring (performance improvement) Diff Committed by andreas.
  • update[2.0] SiteTree: store node factory as field to improve performance Diff Committed by andreas.
  • update[2.0] Refactoring, better code readability in document policy manager wrapper Diff Committed by andreas.
  • update[2.0] Remove SiteUtil.isDocument() Diff Committed by andreas.
  • update[2.0] Made SourceCache ThreadSafe Diff Committed by andreas.
  • update[2.0] Replaced String.split() by StringTokenizer (performance) Diff Committed by andreas.
  • update[2.0] [minor change] javadoc fix Diff Committed by andreas.
  • update[2.0] Check meta data key only if no values exist (performance) Diff Committed by andreas.
  • update[2.0] fixed typo in comment Diff Committed by rfrovarp.
  • update[2.0] Avoid exception in ForceCheckIn.prepareView() Diff Committed by andreas.
  • update[2.0] Consider preconditions when advancing usecase state in webdav.js (avoid state machine exceptions) Diff Committed by andreas.
  • update[2.0] Added workaround for usecases which can't use the same session for check-in and check-out (BXE, FCKeditor): Allow to check-out a node without the restriction to the same session. See bug 43157. Diff Committed by andreas.
  • update[2.0] Don't restrict kupu check-out to session Diff Committed by andreas.
  • update[2.0] Made publication manager more efficient and correct (avoid invalid publication objects) Diff Committed by andreas.
  • update[2.0] Module manager: compute file URI at startup and not on demand for better performance Diff Committed by andreas.
  • update[2.0] Store site structure in area object for better performance Diff Committed by andreas.
  • update[2.0] Removed execution time check from FallbackSourceFactory (GregorianCalendar is expensive) Diff Committed by andreas.
  • update[2.0] Performance optimization in Query class Diff Committed by andreas.
  • update[2.0] PublicationTemplateManager: use file path instead of context:// path (less expensive) Diff Committed by andreas.
  • update[2.0] Made SslRedirectAction work with non-access-controller URLs Diff Committed by andreas.
  • update[2.0] Don't create session UUID for immutable sessions Diff Committed by andreas.
  • update[2.0] Prevent NPE. Not sure how it happened, but I did get a null identity. Diff Committed by rfrovarp.
  • update[2.0] Updated InsertAsset to new OutgoingLinkRewriter constructor Diff Committed by andreas.
  • update[2.0] Use SharedItemStore specifically for the site tree. This avoids the problem that the SharedItemStore is filled with Document and other objects. The DelegatingSiteTree can be shared. Diff Committed by andreas.
  • update[2.0] [minor change] removed invalid catch block Diff Committed by andreas.
  • update[2.0] Fixed class cast problems with delegating sitetree Diff Committed by andreas.
  • update[2.0] Use modifiable session in ReservedCheckinAction (fixes bug 43157) Diff Committed by andreas.
  • update[2.0] Added DocumentFactory.existsPublication(id) for simplicity, fixed publication handling in i18n (fixes bug 43171) Diff Committed by andreas.
  • update[2.0] [minor change] added some javadocs Diff Committed by andreas.
  • update[2.0] [minor change] removed unused field Diff Committed by andreas.
  • update[2.0] UuidToUrlTransformer: lookup document extension only if necessary (expensive) Diff Committed by andreas.
  • update[2.0] Use default extension 'html' to avoid extension lookup for each document (expensive) Diff Committed by andreas.
  • update[2.0] Set expiration to 2 hours for language-selector SVG images to reduce server load Diff Committed by andreas.
  • update[2.0] Use transparent background for sitetree icons Diff Committed by andreas.
  • update[2.0] Fixed execution order in usecases flowscript Diff Committed by andreas.
  • update[2.0] [minor change] removed unused namespace declarations Diff Committed by andreas.
  • update[2.0] Prepare core for Ajax menu Diff Committed by andreas.
  • update[2.0] Make user names case insensitive. Fixes bug 41848. Diff Committed by rfrovarp.
  • update[2.0] Always strip spaces from node name in create usecase. Diff Committed by andreas.
  • update[2.0] Fixed usecase state machine transition (fixes bug 43185). Diff Committed by andreas.
  • update[2.0] Don't alert error messages when loading the menu Diff Committed by andreas.
  • update[2.0] Bug 42558 lenya.properties.xml per publication. Patch submitted by Markus Angst. Thank you very much Markus. Additional added logging in an empty catch. Diff Committed by thorsten.
  • update[2.0] Adding context prefix to MENU_URL. Otherwise it will not work if you use lenya with tomcat in a non ROOT context Diff Committed by jann.
  • update[2.0] Improved Ajax menubar generation (load single menus on demand) Diff Committed by andreas.
  • update[2.0] added comment about disabling prettyprinting in production Diff Committed by nettings.
  • update[2.0] Add revision number to Document interface, added revision handling to LenyaMetaDataTransformer and DocumentInfoModule. This fixes bug 42932. Diff Committed by andreas.
  • update[2.0] Added revision handling to SVG image resizing. Diff Committed by andreas.
  • update[2.0] [minor change] removed dead code Diff Committed by andreas.
  • update[2.0] [minor change] removed outdated fixme comment Diff Committed by andreas.
  • update[2.0] Updating collection sitemap to new LenyaMetaDataGenerator syntax Diff Committed by andreas.
  • update[2.0] Updating default pub sitemap to new LenyaMetaDataGenerator syntax Diff Committed by andreas.
  • update[2.0] [minor change] fixed sitemap parameter, improved comments Diff Committed by andreas.
  • update[2.0] Removed fallback:// for publication-does-not-exist.jx (makes no sense) Diff Committed by andreas.
  • update[2.0] Avoid NPE in PageEnvelopeModule for non-publication URLs Diff Committed by andreas.
  • update[2.0] Replaced file handling in ResourceExistsAction with TraversableSource handling Diff Committed by andreas.
  • update[2.0] Fixed meta data generator call Diff Committed by andreas.
  • update[2.0] Fixed revision writability check in DocumentImpl Diff Committed by andreas.
  • update[2.0] Performance optimization: re-arranged pipelines in global-sitemap.xmap Diff Committed by andreas.
  • update[2.0] Use global parameter for pipeline expiration Diff Committed by andreas.
  • update[2.0] Avoid exception for lenya-document URLs on non-document URLs (fixes bug 43227). Diff Committed by andreas.
  • update[2.0] Move check-in of nodes to finally block to avoid stale checked-in nodes (see bug 43163) Diff Committed by andreas.
  • update[2.0] Clear source node RCML entries when deleting. Otherwise, the last check-in entry will keep active. See bug 43163 for more information. Diff Committed by andreas.
  • update[2.0] Replaced lenyadoc URL with lenya-document URL Diff Committed by andreas.
  • update[2.0] Fixed lenya-document URL (removed trailing slash) Diff Committed by andreas.
  • update[2.0] Mark AxisUUIDGenerator as ThreadSafe Diff Committed by andreas.
  • update[2.0] Mark AxisUUIDGenerator as ThreadSafe Diff Committed by andreas.
  • update[2.0] [minor change] refactoring - extract field Diff Committed by andreas.
  • update[2.0] Disable browsing button in built in image and link windows since we now use plugins. Diff Committed by rfrovarp.
  • update[2.0] Put simple object instead of source wrapper in sourceUris map. This avoids a memory leak. See bug 43240. Diff Committed by andreas.
  • update[2.0] Store publication ID instead of publication object in DocumentIdentifier. See bug 43240. Diff Committed by andreas.
  • update[2.0] Avoid returning null-value DocumentLocator objects Diff Committed by andreas.
  • update[2.0] Translate image/pjpeg to image/jpeg for purposes of reading image dimensions. Fixes bug 43245. Diff Committed by rfrovarp.
  • update[2.0] Added check to SourceNode if it was loaded when it is locked. This can help to uncover situations where the repository might become corrupted. See bug 43136, comment #18. Diff Committed by andreas.
  • update[2.0] Fixed possible synchronization issue with loading and lastModified Diff Committed by rfrovarp.
  • update[2.0] Fixed possible NPE. Diff Committed by rfrovarp.
  • update[2.0] Synchronize access to committed. Diff Committed by rfrovarp.
  • update[2.0] Will hopefully fix bug 42370 Diff Committed by rfrovarp.
  • update[2.0] Fixes bug 43198. Diff Committed by rfrovarp.
  • update[2.0] Fixes bug 43137. Diff Committed by rfrovarp.
  • update[2.0] Performance increase. Use StringBuffer instead of straight string concatenation inside of loops. Diff Committed by rfrovarp.
  • update[2.0] Performance increase. Use StringBuffer instead of straight string concatenation inside of loops. Diff Committed by rfrovarp.
  • update[2.0] Removed unused variable. Diff Committed by rfrovarp.
  • update[2.0] Protects paramList. Using final only protects the reference to the array, not the references contained within. Shallow clone is good enough to get around this. Diff Committed by rfrovarp.
  • update[2.0] Date objects are mutable, so store copy. Fixed up variables so they are all in one place. Diff Committed by rfrovarp.
  • update[2.0] Forgot to cast the clone. Diff Committed by rfrovarp.
  • update[2.0] Two more cases of storing external references to mutable objects. Diff Committed by rfrovarp.
  • update[2.0] Clone returned date objects. Diff Committed by rfrovarp.

Documentation

  • update[Documentation] corrected docs: with "lenya-document:" links, even the UUID is optional. Diff Committed by nettings.
  • update[Documentation] added note about chaperon Diff Committed by nettings.
  • update[Documentation] removed obsolete reference to wf.event parameter, fixed typos, added some links. Diff Committed by nettings.
  • update[Documentation] Fixed missing </p> tag so the ForrestBot build won't fail again. Diff Committed by bobharner.
  • update[Documentation] moved finished draft from wiki to releases.xml. some loose ties, see NOTE:s and FIXME:s. Diff Committed by nettings.
  • update[Documentation] Updated docs: path to document2txt.xsl, formatting and some additions to release guidelines, hint about notification in lucene module Diff Committed by andreas.
  • update[Documentation] update resource type tutorial to reflect configuration change Diff Committed by nettings.
  • update[Documentation] replaced publication.xconf by publication.xml Diff Committed by nettings.
  • update[Documentation] Adding some documentation about the properties module Diff Committed by thorsten.
  • update[Documentation] using unique ids Diff Committed by thorsten.
  • update[Documentation] Adding documentation about the properties module Diff Committed by thorsten.
  • update[Documentation] Fixing unique id. Thanks forrestbot. Diff Committed by thorsten.
  • update[Documentation] added hint about disabling XML prettyprinting Diff Committed by nettings.
  • update[Documentation] Updating changes pages Diff Committed by thorsten.
  • update[Documentation] Added hint about client-side caching to performance guide Diff Committed by andreas.

Sandbox

  • add[Sandbox] experimental new policy authorizer maps url authorization to usecase authorizer via a new pseudo-usecase called ac.visit. addresses bug http://issues.apache.org/bugzilla/show_bug.cgi?id=42952 the current hack-and-slash approach is to delegate a normal uri request http://foo/bar/baz to http://foo/bar/baz?lenya.usecase=ac.visit and thus using all our usecase policy GUI features for page access as well. in the long run, PolicyAuthorizer should probably be removed completely... please review and comment. the branch was necessary, because java dependencies made it necessary to juggle some files between ac and acusecases, which made the changeset too messy for a patch. Diff Committed by nettings.
  • update[Sandbox] an attack on bug http://issues.apache.org/bugzilla/show_bug.cgi?id=42952 * move UsecaseAuthorizer, impl and helper classes from usecase to ac module to avoid circular dependencies * create new usecase ac.visit * change PolicyAuthorizer to check ac.visit permission for each requested page * add usecase policy to default: ac.visit will be granted to editors, admins and reviewers (basically restoring the old implicit behaviour, but now in a clean and obvious way without opening security holes) WARNING: this is a proof-of-concept code that touches security-critical infrastructure. it will compile and has been tested briefly. there has been NO SECURITY AUDIT of any kind. the whole shebang may be utter bogus - it's here as a discussion item. please review and comment. Diff Committed by nettings.

Site

  • update[Site] Publish from forrestbot Diff Committed by thorsten.

Contributors to this release

We thank the following people for their contributions to this release.

This is a list of all people who participated as committers:
(andreas), (bobharner), (jann), (michi), (nettings), (rfrovarp), (thorsten).