[interchange-cvs] interchange - jon modified WHATSNEW-5.6

interchange-cvs at icdevgroup.org
Mon Nov 10 06:39:33 UTC 2008


User:      jon
Date:      2008-11-10 06:39:33 GMT
Modified:  .        Tag: STABLE_5_6-branch WHATSNEW-5.6
Log:
Add missing commit notices and clean up for release.

Revision  Changes    Path
2.1.2.12             interchange/Attic/WHATSNEW-5.6


rev 2.1.2.12, prev_rev 2.1.2.11
Index: WHATSNEW-5.6
===================================================================
RCS file: /var/cvs/interchange/Attic/WHATSNEW-5.6,v
retrieving revision 2.1.2.11
retrieving revision 2.1.2.12
diff -u -u -r2.1.2.11 -r2.1.2.12
--- WHATSNEW-5.6	24 Oct 2008 10:19:06 -0000	2.1.2.11
+++ WHATSNEW-5.6	10 Nov 2008 06:39:33 -0000	2.1.2.12
@@ -1,42 +1,67 @@
 ------------------------------------------------------------------------------
 
                   What's new in each version of Interchange
-                       (since the version 5.6 branch)
+                      (on the version 5.6 stable branch)
 
 ------------------------------------------------------------------------------
 
 See UPGRADE document for a list of incompatible changes.
 
 
-Interchange 5.6.1 under development.
+Interchange 5.6.1 released 2008-11-10.
 
 Core
 ----
 
-* Fixed regression in set_slice for the following usage pattern
-  (#200):
+* Fixed regression in Vend::Table::DBI::set_slice for the following usage
+  pattern (RT #200):
 
   $Db{table}->set_slice('', %parms));
 
-* Allow XML posts by e.g. Google Checkout, which broke in Interchange 5.6.0 
-  (#219).
+* Quell bogus warnings from Encode::Alias (#224). Thanks to Andy
+  <ic at tvcables.co.uk> and Rene Hertell <icdevgroup at hertell.com>.
 
-  Thanks to Andy <ic at tvcables.co.uk> for the patch.
-
-* Quell bogus warnings from Encode::Alias (#224).
-
-  Thanks to Andy <ic at tvcables.co.uk> and Rene Hertell
-  <icdevgroup at hertell.com> for reporting. 
-
-* Added Nunavut to the list of valid Canadian provinces (#231).
-  
-  Thanks to Mathew Jones for the report.
+* Added Nunavut to the list of valid Canadian provinces (#231). Thanks to
+  Mathew Jones for the report.
 
 * Fix vulnerability where a string passed in the mv_order_item CGI variable is
   displayed verbatim without any input sanitation if there is a valid sku in
-  mv_sku.  Thanks to Mat from Bibliopolis for discovering and reporting the
+  mv_sku. Thanks to Mat from Bibliopolis for discovering and reporting the
   vulnerability.
 
+* Fixed deficiency in Levies, where multiple handling modes separated by null
+  would not work as in the old subtotal calculation model.
+
+* Allow XML posts by e.g. Google Checkout, which broke in Interchange 5.6.0
+  (RT #219). By Andy <ic at tvcables.co.uk>.
+
+* Corrected logic flaw that applied UTF-8 handling in some cases where it
+  shouldn't have. Fixed by David Christensen <david at endpoint.com>.
+
+UserTag
+-------
+
+* We are vulnerable to cross-site scripting problems any time there is a
+  <input value="[value foo]"> call. You can get around this, of course,
+  with <input value="[value name=foo keep=1 filter=encode_entities"]">
+  instead. That is a bit of a mess, though, so I added an alias for that
+  called "evalue".
+
+  You call it with [evalue address1], which is identical to
+  [value keep=1 filter="encode_entities" name=address1].
+
+Widgets
+-------
+
+* Prevent cross-site scripting problem in the country-select widget. Found and
+  fixed by Josh Lavin of Perusion.
+
+Admin UI
+--------
+
+* Fixed regression in ContentEditor.pm to make it possible again to create
+  files via the Admin interface.
+
 Payment
 -------
 
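Review bot: The example in the added UserTag entry, `<input value="[value name=foo keep=1 filter=encode_entities"]">`, has a misplaced quote: the `"` after encode_entities is never opened, and the form disagrees with the one given a few lines later, `[value keep=1 filter="encode_entities" name=address1]`. Suggest writing `filter="encode_entities"` in both places, since this is the entry users will copy from to close the cross-site scripting hole. The entry also reads like a commit message ("We are vulnerable ...", "I added"); for release notes it would be clearer to state which template pattern is affected and that `[evalue]` was added as the encoded alias. Minor: ticket references in this hunk mix "RT #200" and "RT #219" with bare "#224" and "#231"; pick one style.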
@@ -46,31 +71,37 @@
   Change code to make directory if non-existent, and give better error
   if by some strange chance a file existed there.
 
-Standard
---------
+Standard demo
+-------------
 
-* Disabled product comment to prevent spam showing up on default
-  installations.
+* Made userdb password field nullable for Postgres, to avoid new user creation
+  problems.
+
+* Disabled product comment to prevent spam showing up on default installations.
 
 * Provide reasonable defaults for shipping mode and country at checkout to avoid
   "not enough information" errors.
 
+* Modified include/checkout forms to use evalue. There are undoubtedly many
+  other places it should be put in. But until this is evaluated properly I
+  don't want to do it all over the place. You can do so with this one liner,
+  at least pretty reliably:
 
-------------------------------------------------------------------------------
+     perl -pi -e 's{value="\[(value\s+[-\w]+\])}{value="[e$1}g'
 
+  I think we have gotten rid of all VALUE= uppercase kind of things,
+  but if not we should now.
 
-Interchange 5.6.0 released on 2008-05-21.
+Packaging
+---------
 
-Standard
---------
+* Numerous Debian packaging and localization updates.
 
-* Made userdb password field nullable for Postgres, to avoid new user creation
-  problems.
+
+------------------------------------------------------------------------------
 
 
-Admin
------
+Interchange 5.6.0 released on 2008-05-21.
 
-* fix ContentEditor.pm to make it possible again to create files via the Admin interface.
 
 (end)
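Review bot: The one-liner in the added evalue entry is shown without a file operand and uses `-pi` with no backup suffix, so a reader has to guess which files to run it on and gets no copy of the originals. Suggest naming the files or directories it is meant for and using `-pi.bak`. The pattern also matches only the lowercase positional form `value="[value name]"`; `[value name=foo]`, tags with extra parameters, and the uppercase `VALUE=` form the entry itself mentions are left unencoded, so the note should say that templates still need a manual pass afterwards rather than "pretty reliably". As in the UserTag entry, the first-person wording ("I don't want to do it all over the place") is better suited to the commit log than to WHATSNEW.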






