You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by bu...@apache.org on 2017/07/26 22:07:02 UTC

svn commit: r1016012 - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_24.html

Author: buildbot
Date: Wed Jul 26 22:07:01 2017
New Revision: 1016012

Log:
Staging update by buildbot for httpd

Modified:
    websites/staging/httpd/trunk/content/   (props changed)
    websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml
    websites/staging/httpd/trunk/content/security/vulnerabilities_24.html

Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Wed Jul 26 22:07:01 2017
@@ -1 +1 @@
-1803116
+1803119

Modified: websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml Wed Jul 26 22:07:01 2017
@@ -414,10 +414,12 @@ to request B, polluting the cache or pot
 a different downstream user-agent.
 </p><p>
 These defects are addressed with the release of Apache HTTP Server 2.4.25
-and coordinated by a new directive;<br />
+and coordinated by a new directive;
+</p>
 <ul><li>
 <a href="http://httpd.apache.org/docs/2.4/mod/core.html#httpprotocoloptions"
   >HttpProtocolOptions Strict</a></li></ul>
+<p>
 which is the default behavior of 2.4.25 and later. By toggling from 'Strict'
 behavior to 'Unsafe' behavior, some of the restrictions may be relaxed to allow
 some invalid HTTP/1.1 clients to communicate with the server, but this will

Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_24.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_24.html Wed Jul 26 22:07:01 2017
@@ -353,9 +353,13 @@ a different downstream user-agent.
 </p>
     <p>
 These defects are addressed with the release of Apache HTTP Server 2.4.25
-and coordinated by a new directive;<br/>
-<ul><li>
-<a href="http://httpd.apache.org/docs/2.4/mod/core.html#httpprotocoloptions">HttpProtocolOptions Strict</a></li></ul>
+and coordinated by a new directive;
+</p>
+    <ul>
+      <li>
+<a href="http://httpd.apache.org/docs/2.4/mod/core.html#httpprotocoloptions">HttpProtocolOptions Strict</a></li>
+    </ul>
+    <p>
 which is the default behavior of 2.4.25 and later. By toggling from 'Strict'
 behavior to 'Unsafe' behavior, some of the restrictions may be relaxed to allow
 some invalid HTTP/1.1 clients to communicate with the server, but this will