batchu / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

Changelog misleading #92

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Download changelog.txt from the 1.4.2 release. Information in the changelog
is misleading and doesn't provide a decisive summary of what has changed in
this release.

In particular, the file mentions changes to the codec feature, starting at
r910. "back ported to 1.4" is one of the messages. In r951, the commit
message specifies "undoing the 2.0->1.4 Encoder changes". At first glance
these almost seem like a feature was added then removed. However after
checking the source code changes:
http://code.google.com/p/owasp-esapi-java/source/diff?spec=svn910&r=910&format=side&path=/branches/1.4/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java
http://code.google.com/p/owasp-esapi-java/source/diff?spec=svn951&r=951&format=side&path=/branches/1.4/src/main/java/org/owasp/esapi/codecs/HTMLEntityCodec.java

I can see that the fixes from r910 were kept. However the changelog of this
is a bit confusing. 

Also "Backport current JSP tag libraries from 2.0rcs to 1.4.1rcs" doesn't
tell us anything about what the JSP tag libraries from 2.0rcs are, and how
they affect us.

It would be good to have user-friendly release notes that summarize the
differences in an information-rich manner. This is important for those of
us that need to do Threat Modeling and comprehensive testing of any
changes. Providing rich release notes makes it much easier to accomplish.

Original issue reported on code.google.com by pas...@gmail.com on 20 Jan 2010 at 2:28

GoogleCodeExporter commented 8 years ago
I'll do this moving forward. 

Original comment by manico.james@gmail.com on 1 Nov 2010 at 1:20