
Daniel, would you be able to add a note like this to the website like we did for the result_of change?

Eric

On 02/01/2013 02:08 AM, Artyom Beilis wrote:
Hello,
Can you please make the security note about Boost.Locale more visible? It is an important part of release notes.
See: http://thread.gmane.org/gmane.comp.lib.boost.devel/237615
I think this note should be somewhere in a noticeable place:
------------------------------------------------------------------------- Note Begin -------------------------------------------------------------------------
Boost.Locale library in Boost 1.48 to 1.52 inclusive has a security flaw.
boost::locale::utf::utf_traits accepted some invalid UTF-8 sequences.
Applications that used these functions for UTF-8 input validation could expose themselves to security threats, as an invalid UTF-8 sequence would be considered valid.
This bug is fixed in upcoming Boost 1.53.
For more details see: https://svn.boost.org/trac/boost/ticket/7743
Users who can't upgrade to the latest versions may apply the following patch to fix the problem.
http://cppcms.com/files/locale/boost_locale_utf.patch
------------------------------------------------------------------------- Note End -------------------------------------------------------------------------
Thanks
Artyom Beilis
--------------
CppCMS - C++ Web Framework: http://cppcms.com/
CppDB - C++ SQL Connectivity: http://cppcms.com/sql/cppdb/
________________________________
From: Marshall Clow <mclow.lists@gmail.com>
To: Boost Developers List <boost@lists.boost.org>
Sent: Thursday, January 31, 2013 7:22 AM
Subject: [boost] [1.53.0] Release candidates available
Release candidate files for 1.53.0 are available at http://boost.cowic.de/rc/
As always, the release managers would appreciate it if you download the candidate of your choice and give building it a try. Please report both success and failure, and anything else that is noteworthy.
This helps ensure the candidates build OK before we push them out to SourceForge.
The files (and associated md5s) are:
57a9e2047c0f511c4dfcf00eb5eb2fbb *boost_1_53_0_rc1.tar.gz
a00d22605d5dbcfb4c9936a9b35bc4c2 *boost_1_53_0_rc1.tar.bz2
c618e030fd4882e4dbacf54baf824544 *boost_1_53_0_rc1.zip
cc680cab53a5405ca102a10d43b92b88 *boost_1_53_0_rc1.7z
Thanks!
-- The release managers
_______________________________________________ Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost