From 165254202d2625e7eebf3f649e4068124656a5e6 Mon Sep 17 00:00:00 2001
From: Jason Pyeron <jpyeron@pdinc.us>
Date: Thu, 06 Sep 2012 17:35:20 -0400
Subject: [PATCH] Merged CVE-2007-450 warning logging from Jason Pyeron (issue 126)

---
 docs/04_releases.mkd |   14 ++++++++++++--
 1 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/docs/04_releases.mkd b/docs/04_releases.mkd
index a0324a6..c6fc1b7 100644
--- a/docs/04_releases.mkd
+++ b/docs/04_releases.mkd
@@ -9,6 +9,18 @@
 
 **%VERSION%** ([go](http://code.google.com/p/gitblit/downloads/detail?name=%GO%) | [war](http://code.google.com/p/gitblit/downloads/detail?name=%WAR%) | [express](http://code.google.com/p/gitblit/downloads/detail?name=%EXPRESS%) | [fedclient](http://code.google.com/p/gitblit/downloads/detail?name=%FEDCLIENT%) | [manager](http://code.google.com/p/gitblit/downloads/detail?name=%MANAGER%) | [api](http://code.google.com/p/gitblit/downloads/detail?name=%API%)) based on [%JGIT%][jgit] &nbsp; *released %BUILDDATE%*
 
+#### changes
+
+- Emit a warning in the log file if running on a Tomcat-based servlet container which is unfriendly to %2F forward-slash url encoding AND Gitblit is configured to mount parameters with %2F forward-slash url encoding (Github/jpyeron, issue 126)
+- LDAP admin attribute setting is now consistent with LDAP teams setting and admin teams list.  
+If *realm.ldap.maintainTeams==true* **AND** *realm.ldap.admins* is not empty, then User.canAdmin() is controlled by LDAP administrative team membership.  Otherwise, User.canAdmin() is controlled by Gitblit.
+
+<hr/>
+
+### Older Releases
+
+**1.1.0** *released 2012-08-25*
+
 #### fixes
 
 - Bypass Wicket's inability to handle direct url addressing of a view-restricted, grouped repository for new, unauthenticated sessions (e.g. click link from email or rss feed without having an active Wicket session)
@@ -64,8 +76,6 @@
 - Updated Spanish translation
 
 <hr/>
-
-### Older Releases
 
 **1.0.0** *released 2012-07-14*
 

--
Gitblit v1.9.1