author | Ruediger Pluem <rpluem@apache.org> | 2006-03-31 23:36:38 +0200 |
---|---|---|
committer | Ruediger Pluem <rpluem@apache.org> | 2006-03-31 23:36:38 +0200 |
commit | 4c82c8acd335fa2fdd0394512902b8a3b223e425 (patch) | |
tree | 9d35200149e93b8d77d0edc32d12c83897a568e9 /CHANGES | |
parent | Clean up some stuff found by Coverity. (diff) | |
* Sync with 2.2.x CHANGES file
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@390507 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 29 |
1 files changed, 16 insertions, 13 deletions
@@ -99,6 +99,22 @@ Changes with Apache 2.3.0 Changes with Apache 2.2.1 + *) SECURITY: CVE-2005-3357 (cve.mitre.org) + mod_ssl: Fix a possible crash during access control checks if a + non-SSL request is processed for an SSL vhost (such as the + "HTTP request received on SSL port" error message when an 400 + ErrorDocument is configured, or if using "SSLEngine optional"). + PR 37791. [Rüdiger Plüm, Joe Orton] + + *) SECURITY: CVE-2005-3352 (cve.mitre.org) + mod_imagemap: Escape untrusted referer header before outputting + in HTML to avoid potential cross-site scripting. Change also + made to ap_escape_html so we escape quotes. Reported by JPCERT. + [Mark Cox] + + *) core: Reject invalid Expect header immediately. PR 38123. + [Ruediger Pluem] + *) mod_proxy: Fix KeepAlives not being allowed and set to backend servers. PR 38602. [Ruediger Pluem, Jim Jagielski] @@ -125,19 +141,6 @@ Changes with Apache 2.2.1 *) mod_speling: Stop crashing with certain non-file requests. [Jeff Trawick] - *) SECURITY: CVE-2005-3357 (cve.mitre.org) - mod_ssl: Fix a possible crash during access control checks if a - non-SSL request is processed for an SSL vhost (such as the - "HTTP request received on SSL port" error message when an 400 - ErrorDocument is configured, or if using "SSLEngine optional"). - PR 37791. [Rüdiger Plüm, Joe Orton] - - *) SECURITY: CVE-2005-3352 (cve.mitre.org) - mod_imagemap: Escape untrusted referer header before outputting - in HTML to avoid potential cross-site scripting. Change also - made to ap_escape_html so we escape quotes. Reported by JPCERT. - [Mark Cox] - *) mod_cache: Make caching of reverse proxies possible again. PR 38017. [Ruediger Pluem] |
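Review bot: In the first hunk, the relocated CVE-2005-3357 entry credits "Rüdiger Plüm" while the added Expect header entry and the neighbouring mod_proxy context line use "Ruediger Pluem"; settle on one spelling so attribution in CHANGES stays consistent and searchable. The same hunk also adds "core: Reject invalid Expect header immediately. PR 38123.", which has no counterpart among the lines removed in the second hunk, so this is not a pure reorder of the two SECURITY entries; the commit message could say that this entry is being brought over from the 2.2.x file. Minor wording: "when an 400 ErrorDocument is configured" should read "a 400", and if the text is copied verbatim from 2.2.x it wants fixing there as well.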