tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn propchange: r1380829 - svn:log
Date Mon, 05 Nov 2012 23:04:08 GMT
Author: markt
Revision: 1380829
Modified property: svn:log

Modified: svn:log at Mon Nov  5 23:04:08 2012
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Mon Nov  5 23:04:08 2012
@@ -1 +1,3 @@
 Various improvements to the DIGEST authenticator including <bug>52954</bug>,
the disabling caching of an authenticated user in the session by default, tracking server
rather than client nonces and better handling of stale nonce values.
+
+This fixed CVE-2012-3439 Apache Tomcat DIGEST authentication weaknesses


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message