diff --git a/cli/pom.xml b/cli/pom.xml
index db40cc924660aac870b83985fd959af19b8e12c4..6fd81ad8b33520700d402170530c72a4f5079707 100644
--- a/cli/pom.xml
+++ b/cli/pom.xml
@@ -4,7 +4,7 @@
   <parent>
     <artifactId>pom</artifactId>
     <groupId>org.jvnet.hudson.main</groupId>
-    <version>1.310-SNAPSHOT</version>
+    <version>1.311-SNAPSHOT</version>
   </parent>
   <artifactId>cli</artifactId>
   <name>Hudson CLI</name>
diff --git a/core/pom.xml b/core/pom.xml
index d589899fa431dabe4f8d067f8cc0372f1e8c8f5f..c0f729b83e6defc3a69c5d6a46db6f98daca29ee 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -27,7 +27,7 @@ THE SOFTWARE.
   <parent>
     <groupId>org.jvnet.hudson.main</groupId>
     <artifactId>pom</artifactId>
-    <version>1.310-SNAPSHOT</version>
+    <version>1.311-SNAPSHOT</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
 
diff --git a/core/src/main/java/hudson/security/csrf/CrumbIssuer.java b/core/src/main/java/hudson/security/csrf/CrumbIssuer.java
index 17d5a0b9f0b7a9236f247ea51fd937d449a34cd8..53d17ccb834b96972d2c7569b4fd22bbe91d6929 100644
--- a/core/src/main/java/hudson/security/csrf/CrumbIssuer.java
+++ b/core/src/main/java/hudson/security/csrf/CrumbIssuer.java
@@ -66,7 +66,7 @@ public abstract class CrumbIssuer implements Describable<CrumbIssuer>, Extension
         if (crumb == null) {
             crumb = issueCrumb(request, getDescriptor().getCrumbSalt());
             if (request != null) {
-                if ((crumb != null) && !crumb.isEmpty()) {
+                if ((crumb != null) && crumb.length()>0) {
                     request.setAttribute(CRUMB_ATTRIBUTE, crumb);
                 } else {
                     request.removeAttribute(CRUMB_ATTRIBUTE);
diff --git a/core/src/main/resources/hudson/security/csrf/CrumbIssuer/config.jelly b/core/src/main/resources/hudson/security/csrf/CrumbIssuer/config.jelly
new file mode 100644
index 0000000000000000000000000000000000000000..c1329f736696db651bbdbb607d6095f8da33886d
--- /dev/null
+++ b/core/src/main/resources/hudson/security/csrf/CrumbIssuer/config.jelly
@@ -0,0 +1,36 @@
+<!--
+The MIT License
+
+Copyright (c) 2008-2009, Yahoo! Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+-->
+
+<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
+    <f:entry title="${%Salt}" help="/help/security/csrf/salt.html">
+        <f:textbox name="csrf_crumbSalt" value="${descriptor.crumbSalt}" />
+    </f:entry>
+    <f:entry title="${%Request Field}" help="/help/security/csrf/field.html">
+        <f:textbox name="csrf_crumbField" value="${descriptor.crumbRequestField}" />
+    </f:entry>
+    
+    <j:if test="${!empty(descriptor.subConfigPage)}">
+        <st:include from="${descriptor}" page="${descriptor.subConfigPage}" optional="true" />
+    </j:if>
+</j:jelly>
\ No newline at end of file
diff --git a/core/src/main/resources/lib/form/crumb.jelly b/core/src/main/resources/lib/form/crumb.jelly
new file mode 100644
index 0000000000000000000000000000000000000000..31c7e478530dd67e088f0207bc8f4774ff402b62
--- /dev/null
+++ b/core/src/main/resources/lib/form/crumb.jelly
@@ -0,0 +1,11 @@
+<!--
+ Copyright (c) 2008-2009 Yahoo! Inc. 
+ All rights reserved. 
+ The copyrights to the contents of this file are licensed under the MIT License (http://www.opensource.org/licenses/mit-license.php)
+-->
+
+<j:jelly xmlns:j="jelly:core" xmlns:s="jelly:stapler" xmlns:d="jelly:define" xmlns:f="/lib/form">
+  <j:if test="${app.useCrumbs}">
+  	<input type="hidden" name="${h.getCrumbRequestField()}" value="${h.getCrumb(request)}" />
+  </j:if>
+</j:jelly>
\ No newline at end of file
diff --git a/debian/changelog b/debian/changelog
index 009f36364890e9c42c9b48e834ffa9cb53c0a489..598d06079a823f7b77a855281473175e41586d40 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+hudson (1.310) unstable; urgency=low
+
+  * See http://hudson.dev.java.net/changelog.html for more details.
+
+ -- Kohsuke Kawaguchi <kk@kohsuke.org>  Mon, 15 Jun 2009 09:16:45 -0700
+
 hudson (1.309) unstable; urgency=low
 
   * See http://hudson.dev.java.net/changelog.html for more details.
diff --git a/maven-agent/pom.xml b/maven-agent/pom.xml
index ab89c0f55972ea4d34cd74777d7cb00e88cff342..d772c491773d5974f278733b6b3065bc4a80c41d 100644
--- a/maven-agent/pom.xml
+++ b/maven-agent/pom.xml
@@ -27,7 +27,7 @@ THE SOFTWARE.
   <parent>
     <groupId>org.jvnet.hudson.main</groupId>
     <artifactId>pom</artifactId>
-    <version>1.310-SNAPSHOT</version>
+    <version>1.311-SNAPSHOT</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
   
diff --git a/maven-interceptor/pom.xml b/maven-interceptor/pom.xml
index b6ae241e0977b94ab3efc79de13531a8cb6061fc..b212d1c01eabeb39c0b0b205f651c2e8a7da7a7f 100644
--- a/maven-interceptor/pom.xml
+++ b/maven-interceptor/pom.xml
@@ -27,7 +27,7 @@ THE SOFTWARE.
   <parent>
     <groupId>org.jvnet.hudson.main</groupId>
     <artifactId>pom</artifactId>
-    <version>1.310-SNAPSHOT</version>
+    <version>1.311-SNAPSHOT</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
   
diff --git a/maven-plugin/pom.xml b/maven-plugin/pom.xml
index 66cc96958d4df8c1b4f92e3f57a9d67fabfed508..d56b12cfdd967374b577f0204122d8ac475be877 100644
--- a/maven-plugin/pom.xml
+++ b/maven-plugin/pom.xml
@@ -27,7 +27,7 @@ THE SOFTWARE.
   <parent>
     <groupId>org.jvnet.hudson.main</groupId>
     <artifactId>pom</artifactId>
-    <version>1.310-SNAPSHOT</version>
+    <version>1.311-SNAPSHOT</version>
   </parent>
 
   <artifactId>maven-plugin</artifactId>
diff --git a/pom.xml b/pom.xml
index 79b002cf75b911dcb0b1d4e9a5d6d1ad839be3bf..d99fd9663a720c9f4ebd7949b1c7c74b3713d3fe 100644
--- a/pom.xml
+++ b/pom.xml
@@ -33,7 +33,7 @@ THE SOFTWARE.
   
   <groupId>org.jvnet.hudson.main</groupId>
   <artifactId>pom</artifactId>
-  <version>1.310-SNAPSHOT</version>
+  <version>1.311-SNAPSHOT</version>
   <packaging>pom</packaging>
   
   <name>Hudson main module</name>
diff --git a/remoting/pom.xml b/remoting/pom.xml
index f8681db098dc6161d44ef8a9a3c8b5d24b3949af..7dacaca1871315d62f387a25f6b789b4e3d79476 100644
--- a/remoting/pom.xml
+++ b/remoting/pom.xml
@@ -27,7 +27,7 @@ THE SOFTWARE.
   <parent>
     <groupId>org.jvnet.hudson.main</groupId>
     <artifactId>pom</artifactId>
-    <version>1.310-SNAPSHOT</version>
+    <version>1.311-SNAPSHOT</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
   
diff --git a/test/pom.xml b/test/pom.xml
index f6ef84764e38ccd489142327acf59e7c067ee79a..1bc26c44791a991d54d7d6318c738a94112375ef 100644
--- a/test/pom.xml
+++ b/test/pom.xml
@@ -27,7 +27,7 @@ THE SOFTWARE.
   <parent>
     <artifactId>pom</artifactId>
     <groupId>org.jvnet.hudson.main</groupId>
-    <version>1.310-SNAPSHOT</version>
+    <version>1.311-SNAPSHOT</version>
   </parent>
   <modelVersion>4.0.0</modelVersion>
   <groupId>org.jvnet.hudson.main</groupId>
diff --git a/war/pom.xml b/war/pom.xml
index cd68913ced7f107c21e0b6ae3b9463417fa7d680..12e7421c2d95c9db84732fdf025232c4621f0e64 100644
--- a/war/pom.xml
+++ b/war/pom.xml
@@ -27,7 +27,7 @@ THE SOFTWARE.
   <parent>
     <groupId>org.jvnet.hudson.main</groupId>
     <artifactId>pom</artifactId>
-    <version>1.310-SNAPSHOT</version>
+    <version>1.311-SNAPSHOT</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
   
@@ -248,6 +248,7 @@ THE SOFTWARE.
               </execution>
             </executions>
             <configuration>
+              <python>python2.5</python>
               <proto>../ips/proto.py</proto>
             </configuration>
           </plugin>
diff --git a/war/resources/help/security/csrf/field.html b/war/resources/help/security/csrf/field.html
new file mode 100644
index 0000000000000000000000000000000000000000..cb6dc75fe588ba9647824b2d92d8ab63ab8168c7
--- /dev/null
+++ b/war/resources/help/security/csrf/field.html
@@ -0,0 +1,4 @@
+<div>
+  This is name of the request parameter Hudson will look in for a crumb
+  value. 
+</div>
\ No newline at end of file
diff --git a/war/resources/help/security/csrf/salt.html b/war/resources/help/security/csrf/salt.html
new file mode 100644
index 0000000000000000000000000000000000000000..fb20b96e49e3dbe9002bc9141238ef8cb236c20d
--- /dev/null
+++ b/war/resources/help/security/csrf/salt.html
@@ -0,0 +1,8 @@
+<div>
+  The salt value is taken as an input to the crumb generation algorithm. It acts
+  as further randomization to complicate dictionary style attacks against the
+  algorithm. In the context of CSRF exploits against Hudson servers, each Hudson
+  server should use a different salt value. If multiple Hudson servers all use
+  a crumb generation algorithm that gets broken, the salt prevents an attacker
+  from running CSRF exploits against all these servers.
+</div>