httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cove...@apache.org
Subject svn commit: r1621553 - /httpd/httpd/trunk/CHANGES
Date Sun, 31 Aug 2014 01:29:41 GMT
Author: covener
Date: Sun Aug 31 01:29:41 2014
New Revision: 1621553

URL: http://svn.apache.org/r1621553
Log:
these are backported


Modified:
    httpd/httpd/trunk/CHANGES

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1621553&r1=1621552&r2=1621553&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sun Aug 31 01:29:41 2014
@@ -37,22 +37,11 @@ Changes with Apache 2.5.0
 
   *) mpm_winnt: Normalize the error and status messages emitted by service.c,
      the service control interface for Windows.  [William Rowe]
-
-  *) SECURITY: CVE-2013-5704 (cve.mitre.org)
-     core: HTTP trailers could be used to replace HTTP headers
-     late during request processing, potentially undoing or
-     otherwise confusing modules that examined or modified
-     request headers earlier.  Adds "MergeTrailers" directive to restore 
-     legacy behavior.  [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
   
   *) http_protocol: fix logic in ap_method_list_(add|remove) in order:
        - to correctly reset bits
        - not to modify the 'method_mask' bitfield unnecessarily
 
-  *) mod_log_config: Allow three character log formats to be registered. For
-     backwards compatibility, the first character of a three-character format
-     must be the '^' (caret) character.  [Eric Covener]
-
   *) mod_authnz_ldap: Return LDAP connections to the pool before the handler
      is run, instead of waiting until the end of the request. [Eric Covener]
 



Mime
View raw message