Invenio v0.99.6

inveniosoftware · Oct 18, 2012 · edd1962 · edd1962
1 parent e606634
commit edd1962
Show file tree

Hide file tree

Showing 5 changed files with 58 additions and 25 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,22 @@
+CDS Invenio v0.99.6 (released 2012-10-18)
+=========================================
+
+2012-10-18  Tibor Simko  <[email protected]>
+
+	I18N: PO file update for the release of v0.99.6
+
+2012-10-18  Ludmila Marian <[email protected]>
+
+	WebSearch: XSS and verbose improvements
+	* The use of 'verbose' parameter for search pages is restricted
+          to superadmins only, since it could expose potentially sensitive
+          information, such as record IDs even though record content would
+          remain restricted.
+
+	* External search XSS vulnerability fix (escapes strings when
+          printing debug information via 'verbose' parameter in the external
+          search facility).
+
 CDS Invenio v0.99.5 (released 2012-02-21)
 =========================================
 

diff --git a/INSTALL b/INSTALL
@@ -183,13 +183,13 @@ Contents
 ----------------
 
       $ cd /usr/local/src/
-      $ wget http://invenio-software.org/download/cds-invenio-0.99.5.tar.gz
-      $ wget http://invenio-software.org/download/cds-invenio-0.99.5.tar.gz.md5
-      $ wget http://invenio-software.org/download/cds-invenio-0.99.5.tar.gz.sig
-      $ md5sum -v -c cds-invenio-0.99.5.tar.gz.md5
-      $ gpg --verify cds-invenio-0.99.5.tar.gz.sig cds-invenio-0.99.5.tar.gz
-      $ tar xvfz cds-invenio-0.99.5.tar.gz
-      $ cd cds-invenio-0.99.5
+      $ wget http://invenio-software.org/download/cds-invenio-0.99.6.tar.gz
+      $ wget http://invenio-software.org/download/cds-invenio-0.99.6.tar.gz.md5
+      $ wget http://invenio-software.org/download/cds-invenio-0.99.6.tar.gz.sig
+      $ md5sum -v -c cds-invenio-0.99.6.tar.gz.md5
+      $ gpg --verify cds-invenio-0.99.6.tar.gz.sig cds-invenio-0.99.6.tar.gz
+      $ tar xvfz cds-invenio-0.99.6.tar.gz
+      $ cd cds-invenio-0.99.6
       $ ./configure
       $ make
       $ make install
@@ -232,20 +232,20 @@ Contents
           CDS Invenio.  (The built files will be installed into
           different "target" directories later.)
 
-      $ wget http://invenio-software.org/download/cds-invenio-0.99.5.tar.gz
-      $ wget http://invenio-software.org/download/cds-invenio-0.99.5.tar.gz.md5
-      $ wget http://invenio-software.org/download/cds-invenio-0.99.5.tar.gz.sig
+      $ wget http://invenio-software.org/download/cds-invenio-0.99.6.tar.gz
+      $ wget http://invenio-software.org/download/cds-invenio-0.99.6.tar.gz.md5
+      $ wget http://invenio-software.org/download/cds-invenio-0.99.6.tar.gz.sig
 
           Fetch CDS Invenio source tarball from the CDS Software
           Consortium distribution server, together with MD5 checksum
           and GnuPG cryptographic signature files useful for verifying
           the integrity of the tarball.
 
-      $ md5sum -v -c cds-invenio-0.99.5.tar.gz.md5
+      $ md5sum -v -c cds-invenio-0.99.6.tar.gz.md5
 
           Verify MD5 checksum.
 
-      $ gpg --verify cds-invenio-0.99.5.tar.gz.sig cds-invenio-0.99.5.tar.gz
+      $ gpg --verify cds-invenio-0.99.6.tar.gz.sig cds-invenio-0.99.6.tar.gz
 
           Verify GnuPG cryptographic signature.  Note that you may
           first have to import my public key into your keyring, if you
@@ -257,11 +257,11 @@ Contents
           warning that may follow after the signature has been
           successfully verified.
 
-      $ tar xvfz cds-invenio-0.99.5.tar.gz
+      $ tar xvfz cds-invenio-0.99.6.tar.gz
 
           Untar the distribution tarball.
 
-      $ cd cds-invenio-0.99.5
+      $ cd cds-invenio-0.99.6
 
           Go to the source directory.
 

diff --git a/Makefile.am b/Makefile.am
@@ -263,4 +263,7 @@ update-v0.99.3-tables:
 update-v0.99.4-tables:
 	@echo "Nothing to do; table structure did not change between v0.99.4 and v0.99.5."
 
+update-v0.99.5-tables:
+	@echo "Nothing to do; table structure did not change between v0.99.5 and v0.99.6."
+
 CLEANFILES = *~
diff --git a/NEWS b/NEWS
@@ -6,6 +6,15 @@ releases.  For more information about the current release, please
 consult RELEASE-NOTES.  For more information about changes, please
 consult ChangeLog.
 
+CDS Invenio v0.99.6 -- released 2012-10-18
+------------------------------------------
+
+ *) improved XSS safety in external collection searching (WebSearch)
+
+ *) verbose level in the search results pages is now available only to
+    admins, preventing potential restricted record ID disclosure even
+    though record content would remain restricted (WebSearch)
+
 CDS Invenio v0.99.5 -- released 2012-02-21
 ------------------------------------------
 

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
@@ -1,27 +1,29 @@
 --------------------------------------------------------------------
-CDS Invenio v0.99.5 is released
+CDS Invenio v0.99.6 is released
 February 21, 2012
 http://invenio-software.org/
 --------------------------------------------------------------------
 
-CDS Invenio v0.99.5 was released on February 21, 2012.
+CDS Invenio v0.99.6 was released on October 18, 2012.
 
 This is a minor bugfix release only.  It is recommended to all CDS
-Invenio sites using v0.99.4 or previous releases.
+Invenio sites using v0.99.5 or previous releases.
 
 What's new:
 -----------
 
- *) improved sanity checks when reporting, voting, or replying to a
-    comment, or when accessing comment attachments, preventing URL
-    mangling attempts (WebComment)
+ *) improved XSS safety in external collection searching (WebSearch)
+
+ *) verbose level in the search results pages is now available only to
+    admins, preventing potential restricted record ID disclosure even
+    though record content would remain restricted (WebSearch)
 
 Download:
 ---------
 
-  <http://invenio-software.org/download/cds-invenio-0.99.5.tar.gz>
-  <http://invenio-software.org/download/cds-invenio-0.99.5.tar.gz.md5>
-  <http://invenio-software.org/download/cds-invenio-0.99.5.tar.gz.sig>
+  <http://invenio-software.org/download/cds-invenio-0.99.6.tar.gz>
+  <http://invenio-software.org/download/cds-invenio-0.99.6.tar.gz.md5>
+  <http://invenio-software.org/download/cds-invenio-0.99.6.tar.gz.sig>
 
 Installation notes:
 -------------------
@@ -31,13 +33,13 @@ Please follow the INSTALL file bundled in the distribution tarball.
 Upgrade notes:
 --------------
 
-If you are upgrading from CDS Invenio v0.99.4, then:
+If you are upgrading from CDS Invenio v0.99.5, then:
 
  - please stop your bibsched queue and your Apache server
 
  - install the update:
 
-     $ cd cds-invenio-0.99.5
+     $ cd cds-invenio-0.99.6
      $ cp -a /opt/cds-invenio/etc /opt/cds-invenio/etc.OLD
      $ sh /opt/cds-invenio/etc/build/config.nice
      $ make install