documentation and up version

diff --git a/Changes b/Changes
index 8d87c7c..2a7af00 100644 (file)
--- a/Changes
+++ b/Changes
@@ -1,5 +1,13 @@
 # This file documents the revision history for Perl extension Catalyst.
 
+5.90079.06  - 2015-01-02
+  - Removed unneeded depdency on RenderView in new test case that was causing fails
+    on CPAN testers that did not just happen to have that dependency already installed
+  - Updated copyright notices to 2015
+  - Documentation patches around the setup methods and clarification on on security
+    note posted a few months ago.
+  - Added my name to the contributors list
+
 5.90079_005 - 2014-12-31
   - Merged changes from 5.90078
   - If configuration 'using_frontend_proxy' is set, we add the correct middleware

diff --git a/lib/Catalyst.pm b/lib/Catalyst.pm
index 1b3af91..31434ee 100644 (file)
--- a/lib/Catalyst.pm
+++ b/lib/Catalyst.pm
@@ -129,7 +129,7 @@ __PACKAGE__->stats_class('Catalyst::Stats');
 __PACKAGE__->_encode_check(Encode::FB_CROAK | Encode::LEAVE_SRC);
 
 # Remember to update this in Catalyst::Runtime as well!
-our $VERSION = '5.90079_005';
+our $VERSION = '5.90079_006';
 $VERSION = eval $VERSION if $VERSION =~ /_/; # numify for warning-free dev releases
 
 sub import {
@@ -1184,6 +1184,17 @@ Catalyst> line.
 B<Note:> You B<should not> wrap this method with method modifiers
 or bad things will happen - wrap the C<setup_finalize> method instead.
 
+B<Note:> You can create a custom setup stage that will execute when the
+application is starting.  Use this to customize setup.
+
+    MyApp->setup(-Custom=value);
+
+    sub setup_custom {
+      my ($class, $value) = @_;
+    }
+
+Can be handy if you want to hook into the setup phase.
+
 =cut
 
 sub setup {
@@ -4424,9 +4435,11 @@ dd070: Dhaval Dhanani <dhaval070@gmail.com>
 
 Upasana <me@upasana.me>
 
+John Napiorkowski (jnap) <jjnapiork@cpan.org>
+
 =head1 COPYRIGHT
 
-Copyright (c) 2005-2014, the above named PROJECT FOUNDER and CONTRIBUTORS.
+Copyright (c) 2005-2015, the above named PROJECT FOUNDER and CONTRIBUTORS.
 
 =head1 LICENSE
 

diff --git a/lib/Catalyst/Request.pm b/lib/Catalyst/Request.pm
index 5e57305..c0d9fca 100644 (file)
--- a/lib/Catalyst/Request.pm
+++ b/lib/Catalyst/Request.pm
@@ -669,12 +669,16 @@ cause a hash initialization error. For a more straightforward interface see
 C<< $c->req->parameters >>.
 
 B<NOTE> Interfaces like this, which are based on L<CGI> and the C<param> method
-are now known to cause demonstrated exploits. It is highly recommended that you
-avoid using this method, and migrate existing code away from it.  Here's the
+are known to cause demonstrated exploits. It is highly recommended that you
+avoid using this method, and migrate existing code away from it.  Here's a
 whitepaper of the exploit:
 
 L<http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/>
 
+B<NOTE> Further discussion on IRC indicate that the L<Catalyst> core team from 'back then'
+were well aware of this hack and this is the main reason we added the new approach to
+getting parameters in the first place.
+
 Basically this is an exploit that takes advantage of how L<\param> will do one thing
 in scalar context and another thing in list context.  This is combined with how Perl
 chooses to deal with duplicate keys in a hash definition by overwriting the value of

diff --git a/lib/Catalyst/Runtime.pm b/lib/Catalyst/Runtime.pm
index 416f0de..a09b086 100644 (file)
--- a/lib/Catalyst/Runtime.pm
+++ b/lib/Catalyst/Runtime.pm
@@ -7,7 +7,7 @@ BEGIN { require 5.008003; }
 
 # Remember to update this in Catalyst as well!
 
-our $VERSION = '5.90079_005';
+our $VERSION = '5.90079_006';
 $VERSION = eval $VERSION if $VERSION =~ /_/; # numify for warning-free dev releases
 
 =head1 NAME