Release Notes - OASIS Technical Committees Issue Tracker

Release Notes - OASIS Open Data Protocol (OData) TC - Version CN01 - HTML format

Configure Release Notes

Bug

[ODATA-1110] - Provide guidance for sql-injection type attacks

New Feature

[ODATA-262] - Specify how OData services can be protected against cross-site request forgery (CSRF or XSRF)
[ODATA-291] - Consider adding a mechanism for idempotence with POST

Task

[ODATA-626] - Security:services should consider what media types they support
[ODATA-627] - Security: Returning 404 (Not Found) versus 401 (unauthorized) could leak information
[ODATA-628] - Security: Service implementors should consider timing-based information leakage attacks
[ODATA-629] - Security: Returning Core.Permission'None' could be information leakage
[ODATA-714] - Parallel processing within batch requests

Improvement

[ODATA-461] - Explicitly disallow certain XML constructs (for CSDL, ATOM) to enhance OData security
[ODATA-554] - Clarify representation of floating-point numbers
[ODATA-1011] - Security experts at RSA suggest adding guidance on the use of OAuth and openID

Sub-task

[ODATA-962] - CORS Support

Edit/Copy Release Notes

The text area below allows the project release notes to be edited and copied to another document.

Release Notes - OASIS Open Data Protocol (OData) TC - Version CN01
                                                                                            
<h2>        Bug
</h2>
<ul>
<li>[<a href='https://issues.oasis-open.org/browse/ODATA-1110'>ODATA-1110</a>] -         Provide guidance for sql-injection type attacks
</li>
</ul>
        
<h2>        New Feature
</h2>
<ul>
<li>[<a href='https://issues.oasis-open.org/browse/ODATA-262'>ODATA-262</a>] -         Specify how OData services can be protected against cross-site request forgery (CSRF or XSRF)
</li>
<li>[<a href='https://issues.oasis-open.org/browse/ODATA-291'>ODATA-291</a>] -         Consider adding a mechanism for idempotence with POST
</li>
</ul>
        
<h2>        Task
</h2>
<ul>
<li>[<a href='https://issues.oasis-open.org/browse/ODATA-626'>ODATA-626</a>] -         Security:services should consider what media types they support
</li>
<li>[<a href='https://issues.oasis-open.org/browse/ODATA-627'>ODATA-627</a>] -         Security: Returning 404 (Not Found) versus 401 (unauthorized) could leak information
</li>
<li>[<a href='https://issues.oasis-open.org/browse/ODATA-628'>ODATA-628</a>] -         Security: Service implementors should consider timing-based information leakage attacks
</li>
<li>[<a href='https://issues.oasis-open.org/browse/ODATA-629'>ODATA-629</a>] -         Security: Returning Core.Permission&#39;None&#39; could be information leakage
</li>
<li>[<a href='https://issues.oasis-open.org/browse/ODATA-714'>ODATA-714</a>] -         Parallel processing within batch requests
</li>
</ul>
    
<h2>        Improvement
</h2>
<ul>
<li>[<a href='https://issues.oasis-open.org/browse/ODATA-461'>ODATA-461</a>] -         Explicitly disallow certain XML constructs (for CSDL, ATOM) to enhance OData security
</li>
<li>[<a href='https://issues.oasis-open.org/browse/ODATA-554'>ODATA-554</a>] -         Clarify representation of floating-point numbers
</li>
<li>[<a href='https://issues.oasis-open.org/browse/ODATA-1011'>ODATA-1011</a>] -         Security experts at RSA suggest adding guidance on the use of OAuth and openID
</li>
</ul>
    
<h2>        Sub-task
</h2>
<ul>
<li>[<a href='https://issues.oasis-open.org/browse/ODATA-962'>ODATA-962</a>] -         CORS Support
</li>
</ul>