[securityfilter-announce] securityfilter-1.1 released
Brought to you by:
chris_schultz,
maxcooper
Menu
▾
▴
[securityfilter-announce] securityfilter-1.1 released
|
From: <sec...@li...> - 2003-10-26 03:09:31
|
securityfilter-1.1 released NOTES: The securityfilter-1.1 release adds BASIC authentication support that was not available in previous (non-beta) releases. A number of functionality-related bugs have been fixed as well. This release does not have any major security-vulnerability fixes in it when compared to securityfilter-1.0.1. There is one minor fix related to invalidating the session if the user is logged in and then logs in as a different user in the same session (see http://sourceforge.net/tracker/index.php?func=detail&aid=824791&group_id=59484&atid=491164). If you are happy with the functionality of securityfilter-1.0.1 and the session invalidation issue is not a problem, there is little reason to upgrade. Users of previous versions (pre-1.0.1) should upgrade to securityfilter-1.1 for maximum security, however. CHANGES: Release 1.1, 2003-Oct-25 ======================== * Session is now invalidated if the user spontaneously logs in again as a different user. The session is kept if they login as the same user. http://sourceforge.net/tracker/index.php?func=detail&aid=824791&group_id=59484&atid=491164 * Query string parameters on <form-login-page> and <form-error-page> URIs is now supported. http://sourceforge.net/tracker/index.php?func=detail&aid=783697&group_id=59484&atid=491164 * Fixed classloader issue that was causing problems on Tomcat + JBoss 3.x: http://sourceforge.net/tracker/index.php?func=detail&aid=770075&group_id=59484&atid=491164 Release 1.1-b1, 2003-Jul-15 =========================== * Added support for BASIC authentication scheme. * User is compeletely logged out of the system on a logout request even when using BASIC Authentication scheme. This feature has not been implemented in any J2EE Application server known so far. This feature has been tested on Orion 1.5.2 (which implements "Servlet 2.3 public final draft" but not "Servlet 2.3 specification") and Weblogic 6.1 SP3. This feature is useful for developers using Orion 1.5.2. Thank you for using and supporting the SecurityFilter project! |
