httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rpl...@apache.org
Subject svn commit: r424084 - /httpd/httpd/trunk/CHANGES
Date Thu, 20 Jul 2006 22:04:13 GMT
Author: rpluem
Date: Thu Jul 20 15:04:13 2006
New Revision: 424084

URL: http://svn.apache.org/viewvc?rev=424084&view=rev
Log:
* Remove the word SECURITY to address Joe's and Bill's concern that this would
  imply that FollowSymLinks and SymLinksIfOwnerMatch are security features.

Modified:
    httpd/httpd/trunk/CHANGES

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=424084&r1=424083&r2=424084&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Thu Jul 20 15:04:13 2006
@@ -2,8 +2,7 @@
 Changes with Apache 2.3.0
   [Remove entries to the current 2.0 and 2.2 section below, when backported]
 
-  *) SECURITY:
-     core: Do not allow internal redirects like the DirectoryIndex of mod_dir
+  *) core: Do not allow internal redirects like the DirectoryIndex of mod_dir
      to circumvent the symbolic link checks imposed by FollowSymLinks and
      SymLinksIfOwnerMatch. [Nick Kew, Ruediger Pluem, William Rowe]
 



Mime
View raw message