| ----- |
| Release Notes for Archiva ${project.version} |
| ----- |
| |
| ~~ Licensed to the Apache Software Foundation (ASF) under one |
| ~~ or more contributor license agreements. See the NOTICE file |
| ~~ distributed with this work for additional information |
| ~~ regarding copyright ownership. The ASF licenses this file |
| ~~ to you under the Apache License, Version 2.0 (the |
| ~~ "License"); you may not use this file except in compliance |
| ~~ with the License. You may obtain a copy of the License at |
| ~~ |
| ~~ http://www.apache.org/licenses/LICENSE-2.0 |
| ~~ |
| ~~ Unless required by applicable law or agreed to in writing, |
| ~~ software distributed under the License is distributed on an |
| ~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| ~~ KIND, either express or implied. See the License for the |
| ~~ specific language governing permissions and limitations |
| ~~ under the License. |
| |
| Release Notes for Archiva ${project.version} |
| |
| The Apache Archiva team is pleased to announce the release of Archiva |
| ${project.version}. Archiva is {{{http://archiva.apache.org/download.html} |
| available for download from the web site}}. |
| |
| Archiva is an application for managing one or more remote repositories, |
| including administration, artifact handling, browsing and searching. |
| |
| If you have any questions, please consult: |
| |
| * the web site: {{http://archiva.apache.org/}} |
| |
| * the archiva-user mailing list: {{http://archiva.apache.org/mail-lists.html}} |
| |
| * New in Archiva ${project.version} |
| |
| Apache Archiva ${project.version} is a bug fix release: |
| |
| * Some fixes for the REST API were added to detect requests from unknown origin |
| |
| * Some bugfixes were added |
| |
| * Compatibility Changes |
| |
| * The REST services are now checking for the origin of the requests by analysing Origin |
| and Referer header of the HTTP requests and adding an validation token to the Header. |
| This prevents requests from malicious sites if they are open in the same browser. If you use |
| the REST services from other clients you may change the behaviour with the new |
| configuration properties for the redback security (rest.csrffilter.*, rest.baseUrl) |
| For more information see {{{./adminguide/customising-security.html}Archiva Security Configuration}} and |
| the {{{/redback/integration/rest.html}Redback REST documentation }} |
| |
| * Archiva uses redback for authentication and authorization in version ${redback.version} |
| |
| * Release Notes |
| |
| The Archiva ${project.version} features set can be seen in the {{{./tour/index.html} feature tour}}. |
| |
| * Changes in Archiva ${project.version} |
| |
| Released: <<${releaseDate}>> |
| |
| |
| ** New Feature |
| |
| |
| ** Improvement |
| |
| * [MRM-1925] - Make User-Agent header configurable for HTTP requests |
| |
| * [MRM-1861], [MRM-1924] - Increasing timeouts for repository check |
| |
| * [MRM-1937] - Prevent creating initial admin user with wrong name. |
| |
| * Adding origin header validation checks for REST requests |
| |
| ** Bugs fixed |
| |
| * [MRM-1859] - Error upon viewing 'Artifacts' tab when browsing an artifact |
| |
| * [MRM-1874] - Login Dialog triggers multiple events (+messages) |
| |
| * [MRM-1908] - Logged on users can write any repository |
| |
| * [MRM-1909] - Remote repository check fails for https://repo.maven.apache.org/maven2 |
| |
| * [MRM-1923] - Fixing bind issue with certain ldap servers, when user not found |
| |
| * [MRM-1926] - Invalid checksum files in Archiva repository after download from remote repository |
| |
| * [MRM-1928] - Bad redirect URL when using Archiva through HTTP reverse proxy |
| |
| |
| ** Task |
| |
| |
| |
| * History |
| |
| Archiva was started in November 2005, building a simple framework on top of some existing repository conversion |
| tools within the Maven project. Initial development focused on repository conversion, error reporting, and indexing. |
| From January 2006 a web application was started to visualise the information and to start incorporating |
| functionality from the unmaintained maven-proxy project. |
| |
| Development continued through many stops and starts. Initial versions of Archiva were built from source by contributors, |
| and the first alpha version was not released until April 2007. Some significant changes were made to improve |
| performance and functionality in June 2007 and over the next 6 months and a series of alpha and beta releases, a concerted effort |
| was made to release the 1.0 version. |
| |
| Archiva became an Apache "top level project" in March 2008. |
| |