author: Yann Ylavic <ylavic@apache.org> 2016-12-06 00:46:40 +0100
committer: Yann Ylavic <ylavic@apache.org> 2016-12-06 00:46:40 +0100
commit: 5a41a0e7bbb37c12f2dec42811f54980754e7937
tree: a666ce84d0d1df7f4b5f50cfc189b21bc2252e2d /CHANGES
parent: mod_session_crypto: Authenticate the session data/cookie with a MAC (SipHash)
mod_session_crypto: follow up to r1772812: CHANGES entry.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1772813 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to '')
-rw-r--r-- CHANGES 5
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 8811eea498..51904675ff 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,11 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) SECURITY: CVE-2016-0736 (cve.mitre.org)
+ mod_session_crypto: Authenticate the session data/cookie with a
+ MAC (SipHash) to prevent deciphering or tampering with a padding
+ oracle attack. [Yann Ylavic, Colm MacCarthaigh]
+
*) mod_lua: Fix default value of LuaInherit directive. It should be
'parent-first' instead of 'none', as per documentation. PR 60419
[Christophe Jaillet]
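Review bot: The wording "to prevent deciphering or tampering with a padding oracle attack" in the added entry parses two ways (tampering by means of the attack, or tampering with the attack itself); "to prevent deciphering or tampering by means of a padding oracle attack" removes the ambiguity. The entry names SipHash as the MAC but does not say that the MAC is checked before the data is decrypted, which is the property that closes a padding oracle, so a short clause to that effect would help readers assess the fix. It also does not say whether session cookies issued before this change are still accepted, which administrators upgrading will want to know. Finally, the mod_lua entry below cites its PR, while this one cites only the CVE; adding r1772812, which the commit message names, would point readers at the code change.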