httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n.@apache.org
Subject cvs commit: httpd-2.0 CHANGES
Date Fri, 23 Jan 2004 00:08:17 GMT
nd          2004/01/22 16:08:17

  Modified:    .        CHANGES
  Log:
  sync
  
  Revision  Changes    Path
  1.1372    +4 -6      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1371
  retrieving revision 1.1372
  diff -u -u -r1.1371 -r1.1372
  --- CHANGES	17 Jan 2004 00:16:45 -0000	1.1371
  +++ CHANGES	23 Jan 2004 00:08:16 -0000	1.1372
  @@ -29,10 +29,6 @@
     *) Make REMOTE_PORT variable available in mod_rewrite.
        PR 25772.  [André Malo]
   
  -  *) Allow unescaped error logs via compile time switch
  -     "-DAP_UNSAFE_ERROR_LOG_UNESCAPED".
  -     [Geoffrey Young <geoff modperlcookbook.org>, André Malo]
  -
     *) proxy_http fix: mod_proxy hangs when both KeepAlive and 
        ProxyErrorOverride are enabled, and a non-200 response without a 
        body is generated by the backend server. (e.g.: a client makes a 
  @@ -341,8 +337,10 @@
     *) mod_dav: Return a WWW-auth header for MOVE/COPY requests where
        the destination resource gives a 401.  PR 15571.  [Joe Orton]
   
  -  *) SECURITY [CAN-2003-0020]: Escape arbitrary data before writing
  -     into the errorlog.  [André Malo]
  +  *) SECURITY: CAN-2003-0020 (cve.mitre.org)
  +     Escape arbitrary data before writing into the errorlog. Unescaped
  +     errorlogs are still possible using the compile time switch
  +     "-DAP_UNSAFE_ERROR_LOG_UNESCAPED".  [Geoffrey Young, André Malo]
   
     *) mod_autoindex / core: Don't fail to show filenames containing
        special characters like '%'. PR 13598.  [André Malo]
  
  
  

Mime
View raw message