Return-Path: Delivered-To: apmail-tomcat-dev-archive@www.apache.org Received: (qmail 36539 invoked from network); 9 Sep 2008 14:15:31 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 9 Sep 2008 14:15:31 -0000 Received: (qmail 30286 invoked by uid 500); 9 Sep 2008 14:15:21 -0000 Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org Received: (qmail 30220 invoked by uid 500); 9 Sep 2008 14:15:21 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 30209 invoked by uid 99); 9 Sep 2008 14:15:21 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 09 Sep 2008 07:15:21 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 09 Sep 2008 14:14:31 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 45F4E238896E; Tue, 9 Sep 2008 07:14:33 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn propchange: r680947 - svn:log Date: Tue, 09 Sep 2008 14:14:33 -0000 To: dev@tomcat.apache.org From: markt@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20080909141433.45F4E238896E@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: markt Revision: 680947 Modified property: svn:log Modified: svn:log at Tue Sep 9 07:14:33 2008 ------------------------------------------------------------------------------ --- svn:log (original) +++ svn:log Tue Sep 9 07:14:33 2008 @@ -1,4 +1,5 @@ -Port r673834 to 5.5.x +Port r673834 to 5.5.x/4.1.x Make filtering of \r and \n in headers consistent for all connectors. Make handling of 404s consistent across components. Provide option to include custom status message in headers. SRV.5.3 suggests custom messages are intended for the body of the response, not the status line. +This is the security fix for CVE-2008-1232. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org