Version 1.0-b5 of SecurityFilter has been released!
It is recommended that all users of previous versions upgrade to this release for increased security and reliability.
NOTES:
This release fixes a number of bugs, security issues, and Servlet-spec compliance bugs.
CHANGES:
* Fixed sort order for "exact" pattern types:
http://sourceforge.net/tracker/index.php?func=detail&aid=661261&group_id=59484&atid=491164
* The default mapping / is now supported. This url-pattern will be tried last and will match any request:
http://sourceforge.net/tracker/index.php?func=detail&aid=656697&group_id=59484&atid=491164
* Matching is now tighter for j_security_check. If the request URI ends in "/j_security_check", that is a match:
http://sourceforge.net/tracker/index.php?func=detail&aid=650835&group_id=59484&atid=491164
* Requests for the login page and login error page are now allowed, even if the URL would otherwise be restricted by a security constraint:
http://sourceforge.net/tracker/index.php?func=detail&aid=650833&group_id=59484&atid=491164
* Old session is now invalidated when a user re-authenticates. The session is saved through an unauthenticated/authenticated transition, but is invalidated through an authenticated/authenticated transition:
http://sourceforge.net/tracker/index.php?func=detail&aid=620772&group_id=59484&atid=491164
* SecurityFilter now encodes URLs on redirects:
https://sourceforge.net/tracker/index.php?func=detail&aid=655221&group_id=59484&atid=491164
* Fixed pattern matching thread safety issues:
http://sourceforge.net/tracker/index.php?func=detail&aid=650697&group_id=59484&atid=491164
* Fixed pattern matching issues, including resolving patterns to the root of the URI:
http://sourceforge.net/tracker/index.php?func=detail&aid=638556&group_id=59484&atid=491164
* Changed regular expression library from Jakarta-Regexp to Jakarta-ORO. A performance simulation test indicated that Jakarta-ORO Perl5 expressions offer the best performance for this application. The old implementation was verified to fail in multi-threaded environments, and the new implementation technique has proven to be thread-safe.
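
The session handling change listed above (session saved through an unauthenticated/authenticated transition, invalidated through an authenticated/authenticated one) can be modelled as follows. This is an added example, not SecurityFilter's own code: the in-memory session map, the `example.user` attribute name and the `onLogin` helper are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Minimal in-memory model of the two login transitions (illustrative only).
public class ReauthSessionDemo {
    static final String USER = "example.user"; // hypothetical attribute name

    // session id -> attributes; stands in for the container's session store
    static final Map<String, Map<String, Object>> sessions = new HashMap<>();

    static String newSession() {
        String id = UUID.randomUUID().toString();
        sessions.put(id, new HashMap<>());
        return id;
    }

    // Returns the id of the session the user holds after a successful login.
    static String onLogin(String sessionId, String user) {
        Map<String, Object> attrs = sessionId == null ? null : sessions.get(sessionId);
        if (attrs == null) {
            sessionId = newSession();      // no usable session yet
        } else if (attrs.containsKey(USER)) {
            sessions.remove(sessionId);    // authenticated -> authenticated: invalidate
            sessionId = newSession();      // previous user's state is not carried over
        }                                  // unauthenticated -> authenticated: keep session
        sessions.get(sessionId).put(USER, user);
        return sessionId;
    }

    public static void main(String[] args) {
        String anon = newSession();
        sessions.get(anon).put("cart", "3 items");  // pre-login state (constructed sample)

        String alice = onLogin(anon, "alice");      // first login on this session
        System.out.println("same session kept:   " + alice.equals(anon));
        System.out.println("pre-login state:     " + sessions.get(alice).get("cart"));

        String bob = onLogin(alice, "bob");         // re-authentication as another user
        System.out.println("new session issued:  " + !bob.equals(alice));
        System.out.println("old session removed: " + !sessions.containsKey(alice));
        System.out.println("old state visible:   " + sessions.get(bob).containsKey("cart"));
    }
}
```

Keeping the session across the first login also keeps its identifier; an application that wants a fresh identifier at that point has to rotate it itself, for example with `HttpServletRequest.changeSessionId()` on Servlet 3.1 and later.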