Bug
- [ODATA-1110] - Provide guidance for sql-injection type attacks
New Feature
- [ODATA-262] - Specify how OData services can be protected against cross-site request forgery (CSRF or XSRF)
- [ODATA-291] - Consider adding a mechanism for idempotence with POST
Task
- [ODATA-626] - Security: services should consider what media types they support
- [ODATA-627] - Security: Returning 404 (Not Found) versus 401 (unauthorized) could leak information
- [ODATA-628] - Security: Service implementors should consider timing-based information leakage attacks
- [ODATA-629] - Security: Returning Core.Permission'None' could be information leakage
- [ODATA-714] - Parallel processing within batch requests
Improvement
- [ODATA-461] - Explicitly disallow certain XML constructs (for CSDL, ATOM) to enhance OData security
- [ODATA-554] - Clarify representation of floating-point numbers
- [ODATA-1011] - Security experts at RSA suggest adding guidance on the use of OAuth and openID
Sub-task
- [ODATA-962] - CORS Support