Posted to cvs@httpd.apache.org by rp...@apache.org on 2007/12/28 17:41:55 UTC

svn commit: r607285 - /httpd/httpd/branches/2.2.x/STATUS

Author: rpluem
Date: Fri Dec 28 08:41:50 2007
New Revision: 607285

URL: http://svn.apache.org/viewvc?rev=607285&view=rev
Log:
* Add new proposals.

Modified:
    httpd/httpd/branches/2.2.x/STATUS

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=607285&r1=607284&r2=607285&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Fri Dec 28 08:41:50 2007
@@ -76,6 +76,40 @@
 
 RELEASE SHOWSTOPPERS:
 
+   * Various modules: Add explicit charset to the output of various modules to
+     work around possible cross-site scripting flaws affecting web browsers that
+     do not derive the response character set as required by RFC2616.
+      Trunk version of patch:
+         http://svn.apache.org/viewvc?rev=606693&view=rev
+         http://svn.apache.org/viewvc?rev=607276&view=rev
+      Backport version for 2.2.x of patch:
+         http://people.apache.org/~rpluem/patches/utf7_fix_2.2.x.diff
+      +1: rpluem,
+
+   * mod_status: Ensure refresh parameter is numeric to prevent a possible XSS
+     attack caused by redirecting to other URLs.
+      Trunk version of patch:
+         http://svn.apache.org/viewvc?rev=607282&view=rev
+      Backport version for 2.0.x of patch:
+         http://awe.com/e8f6ad05238f8/CVE-2007-6388-httpd-2.x.patch
+      +1: rpluem,
+
+   * mod_proxy_balancer: Prevent crash in balancer manager if invalid balancer
+     name is passed as parameter.
+     Trunk version of patch:
+        http://svn.apache.org/viewvc?rev=607273&view=rev
+     Backport version for 2.2.x of patch:
+        Trunk version of patch works
+     +1: rpluem,
+
+   * mod_proxy_balancer: Correctly escape the worker route and the worker
+     redirect string in the HTML output of the balancer manager.
+     Trunk version of patch:
+        http://svn.apache.org/viewvc?rev=607275&view=rev
+     Backport version for 2.2.x of patch:
+        Trunk version of patch works
+     +1: rpluem,
+
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
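Review bot: The mod_status entry is labelled "Backport version for 2.0.x of patch:", but this is the 2.2.x STATUS file and the other three entries say 2.2.x. The linked file is named CVE-2007-6388-httpd-2.x.patch, so please confirm it applies cleanly to 2.2.x and change the label to match. Separately, the log message says "Add new proposals", yet all four entries are added under RELEASE SHOWSTOPPERS while the context line at the end of the hunk directs new proposals to PATCHES PROPOSED; if showstopper status is intended for these fixes, the log should say so. Minor: the sub-lines of the first two entries are indented one space deeper than those of the two mod_proxy_balancer entries and should be aligned.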