Release Notes for Trac 0.10.3.1
===============================
March 8, 2007

We're happy to announce the Trac 0.10.3.1 release, available from:

  http://trac.edgewall.org/wiki/TracDownload

For questions, comments and user discussions, please use the Trac mailing
list. List information, subscription and archive available at:

  http://trac.edgewall.org/wiki/MailingList

Trac 0.10.3.1 is a security release:
* Always send "Content-Disposition: attachment" headers where potentially 
  unsafe (user provided) content is available for download. This behaviour
  can be altered using the "render_unsafe_content" option in the 
  "attachment" and "browser" sections of trac.ini.
 * Fixed XSS vulnerability in "download wiki page as text" in combination with 
   Microsoft IE. Reported by Yoshinori Oota, Business Architects Inc.


Acknowledgements
================

Many thanks to the growing number of people who have, and continue to,
support the project. Also our thanks to all people providing feedback and
bug reports that helps us make Trac better, easier to use and more
effective.

Without your invaluable help, Trac would not evolve. Thank you all.

Finally, we offer hope that Trac will prove itself useful to like-minded
programmers around the world, and that this release will prove an
improvement over the last version.

Please let us know. :-)

/The Trac Team http://trac.edgewall.org/
