diff options
author | Yann Ylavic <ylavic@apache.org> | 2016-12-06 00:46:40 +0100 |
---|---|---|
committer | Yann Ylavic <ylavic@apache.org> | 2016-12-06 00:46:40 +0100 |
commit | 5a41a0e7bbb37c12f2dec42811f54980754e7937 (patch) | |
tree | a666ce84d0d1df7f4b5f50cfc189b21bc2252e2d /CHANGES | |
parent | mod_session_crypto: Authenticate the session data/cookie with a MAC (SipHash) (diff) | |
download | apache2-5a41a0e7bbb37c12f2dec42811f54980754e7937.tar.xz apache2-5a41a0e7bbb37c12f2dec42811f54980754e7937.zip |
mod_session_crypto: follow up to r1772812: CHANGES entry.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772813 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to '')
-rw-r--r-- | CHANGES | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -1,6 +1,11 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) SECURITY: CVE-2016-0736 (cve.mitre.org) + mod_session_crypto: Authenticate the session data/cookie with a + MAC (SipHash) to prevent deciphering or tampering with a padding + oracle attack. [Yann Ylavic, Colm MacCarthaigh] + *) mod_lua: Fix default value of LuaInherit directive. It should be 'parent-first' instead of 'none', as per documentation. PR 60419 [Christophe Jaillet] |