You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2015/03/04 20:22:14 UTC
svn commit: r1664122 - /httpd/httpd/trunk/CHANGES
Author: covener
Date: Wed Mar 4 19:22:14 2015
New Revision: 1664122
URL: http://svn.apache.org/r1664122
Log:
backported
Modified:
httpd/httpd/trunk/CHANGES
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1664122&r1=1664121&r2=1664122&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Wed Mar 4 19:22:14 2015
@@ -1,11 +1,6 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
- *) SECURITY: CVE-2015-0228 (cve.mitre.org)
- mod_lua: A maliciously crafted websockets PING after a script
- calls r:wsupgrade() can cause a child process crash.
- [Edward Lu <Chaosed0 gmail.com>]
-
*) core: If explicitly configured, use the KeepaliveTimeout value of the
virtual host which handled the latest request on the connection, or by
default the one of the first virtual host bound to the same IP:port.