httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pque...@apache.org
Subject svn commit: r209832 - /httpd/httpd/trunk/CHANGES
Date Fri, 08 Jul 2005 16:06:26 GMT
Author: pquerna
Date: Fri Jul  8 09:06:22 2005
New Revision: 209832

URL: http://svn.apache.org/viewcvs?rev=209832&view=rev
Log:
Fix the CHANGES to reflect when things were really fixed. Also remove the security tag from
the proxy change, as suggested by Joe.

Modified:
    httpd/httpd/trunk/CHANGES

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/CHANGES?rev=209832&r1=209831&r2=209832&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES (original)
+++ httpd/httpd/trunk/CHANGES Fri Jul  8 09:06:22 2005
@@ -20,11 +20,15 @@
 
 Changes with Apache 2.1.6
 
+  *) SECURITY: CAN-2005-2088
+     core: If a request contains both Transfer-Encoding and a Content-Length,
+     remove the Content-Length, stopping some HTTP Request smuggling attacks.
+     [Paul Querna]
+
   *) Fix htdbm password validation for records which included comments.
      [Eric Covener <covener gmail.com>]
 
-  *) SECURITY: CAN-2005-2088
-     proxy HTTP: If a response contains both Transfer-Encoding and a 
+  *) proxy HTTP: If a response contains both Transfer-Encoding and a 
      Content-Length, remove the Content-Length and don't reuse the
      connection, stopping some HTTP Request smuggling attacks.
      [Jeff Trawick]
@@ -33,11 +37,6 @@
      [Steve Kemp <steve steve.org.uk>]
 
 Changes with Apache 2.1.5
-
-  *) SECURITY: CAN-2005-2088
-     core: If a request contains both Transfer-Encoding and a Content-Length,
-     remove the Content-Length, stopping some HTTP Request smuggling attacks.
-     [Paul Querna]
 
   *) mod_ssl: Setting the Protocol to 'https' can replace the use of the 
      'SSLEngine on' command. [Paul Querna]



Mime
View raw message