You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rp...@apache.org on 2007/12/29 20:55:21 UTC

svn commit: r607469 - /httpd/httpd/branches/2.2.x/STATUS

Author: rpluem
Date: Sat Dec 29 11:55:20 2007
New Revision: 607469

URL: http://svn.apache.org/viewvc?rev=607469&view=rev
Log:
* Promote and comment.

Modified:
    httpd/httpd/branches/2.2.x/STATUS

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=607469&r1=607468&r2=607469&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Sat Dec 29 11:55:20 2007
@@ -93,18 +93,10 @@
                 give us UTF-8).  Also mod_dav embeds r->uri in the response:
                 we would need to URL-escape that before HTML-escaping it
                 to ensure that it's ISO-8859-1-compatible.
-
-   * mod_proxy_balancer: Prevent crash in balancer manager if invalid balancer
-     name is passed as parameter.
-     Trunk version of patch:
-        http://svn.apache.org/viewvc?rev=607273&view=rev
-        http://svn.apache.org/viewvc?rev=607402&view=rev (CVE number added
-                                                          to CHANGES entry)
-     Backport version for 2.2.x of patch:
-        Trunk version of patch works
-     +1: rpluem, jorton
-     niq: +1 to the fix, but wouldn't it be a good idea to log a debug
-          message rather than silently ignore it if the test fails?
+      rpluem says: Please see my answers on list. Keep in mind that we do NOT
+                   create a regression by this patch but only enforce browsers
+                   who do not act in an RFC compliant manner to do so.
+                   So please reconsider your -1.
 
    * mod_proxy_balancer: Correctly escape the worker route and the worker
      redirect string in the HTML output of the balancer manager.
@@ -128,6 +120,22 @@
 
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
+
+   * mod_proxy_balancer: Prevent crash in balancer manager if invalid balancer
+     name is passed as parameter.
+     Trunk version of patch:
+        http://svn.apache.org/viewvc?rev=607273&view=rev
+        http://svn.apache.org/viewvc?rev=607402&view=rev (CVE number added
+                                                          to CHANGES entry)
+     Backport version for 2.2.x of patch:
+        Trunk version of patch works
+     +1: rpluem, jorton
+     niq: +1 to the fix, but wouldn't it be a good idea to log a debug
+          message rather than silently ignore it if the test fails?
+     rpluem: I do not see this need right now as this cannot happen if you
+             use the link contructed by the balancer manager. It can only
+             happen if you construct the URL by yourself. But I may change my
+             mind once I have to do bug hunting in this area :-).
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]