You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2016/12/05 14:46:00 UTC
svn commit: r1772685 - in /httpd/httpd/branches/2.4.x: CHANGES STATUS
Author: jim
Date: Mon Dec 5 14:46:00 2016
New Revision: 1772685
URL: http://svn.apache.org/viewvc?rev=1772685&view=rev
Log:
updates
Modified:
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/STATUS
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1772685&r1=1772684&r2=1772685&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Mon Dec 5 14:46:00 2016
@@ -4,7 +4,29 @@ Changes with Apache 2.4.24
*) mod_http2: CVE-2016-8740: Mitigate DoS memory exhaustion via endless
CONTINUATION frames.
- [Naveen Tiwari <na...@asu.edu> and CDF/SEFCOM at Arizona State University, Stefan Eissing]
+ [Naveen Tiwari <na...@asu.edu> and CDF/SEFCOM at Arizona State
+ University, Stefan Eissing]
+
+ *) core: CVE-2016-5387: Mitigate [f]cgi "httpoxy" issues.
+ [Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]
+
+ *) Enforce http request grammer corresponding to RFC7230 for request lines
+ and request headers [William Rowe, Stefan Fritsch]
+
+ *) core: New directive HttpProtocolOptions to control httpd enforcement
+ of various RFC7230 requirements. [Stefan Fritsch, William Rowe]
+
+ *) core: Permit unencoded ';' characters to appear in proxy requests and
+ Location: response headers. Corresponds to modern browser behavior.
+ [William Rowe]
+
+ *) core: ap_rgetline_core now pulls from r->proto_input_filters.
+
+ *) core: Correctly parse an IPv6 literal host specification in an absolute
+ URL in the request line. [Stefan Fritsch]
+
+ *) core: New directive RegisterHttpMethod for registering non-standard
+ HTTP methods. [Stefan Fritsch]
*) mod_socache_memcache: Pass expiration time through to memcached.
[Faidon Liambotis <paravoid debian.org>, Joe Orton]
@@ -65,24 +87,6 @@ Changes with Apache 2.4.24
the same PID (e.g. in container). PR 60261.
[Val <valentin.bremond gmail.com>, Yann Ylavic]
- *) Enforce http request grammer corresponding to RFC7230 for request lines
- and request headers [William Rowe, Stefan Fritsch]
-
- *) core: New directive HttpProtocolOptions to control httpd enforcement
- of various RFC7230 requirements. [Stefan Fritsch, William Rowe]
-
- *) core: Permit unencoded ';' characters to appear in proxy requests and
- Location: response headers. Corresponds to modern browser behavior.
- [William Rowe]
-
- *) core: ap_rgetline_core now pulls from r->proto_input_filters.
-
- *) core: Correctly parse an IPv6 literal host specification in an absolute
- URL in the request line. [Stefan Fritsch]
-
- *) core: New directive RegisterHttpMethod for registering non-standard
- HTTP methods. [Stefan Fritsch]
-
*) mod_http2: unannounced and multiple interim responses (status code < 200)
are parsed and forwarded to client until a final response arrives.
[Stefan Eissing]
@@ -171,9 +175,6 @@ Changes with Apache 2.4.24
*) mod_http2: handling graceful shutdown gracefully, e.g. handling existing
streams to the end. [Stefan Eissing]
- *) core: CVE-2016-5387: Mitigate [f]cgi "httpoxy" issues.
- [Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]
-
*) mod_proxy_{http,ajp,fcgi}: don't reuse backend connections with data
available before the request is sent. PR 57832. [Yann Ylavic]
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1772685&r1=1772684&r2=1772685&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Mon Dec 5 14:46:00 2016
@@ -147,6 +147,7 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
2.4.x patch: trunk works modulo CHANGES and next-number
+1: jim
jailletc36: compatibility note missing in the XML file
+ jim: Will address during commit
*) mod_lua: Fix default value of LuaInherit directive. It should be