Posted to dev@tomcat.apache.org by kk...@apache.org on 2012/12/06 13:43:44 UTC
svn commit: r1417815 - /tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Author: kkolinko
Date: Thu Dec 6 12:43:44 2012
New Revision: 1417815
URL: http://svn.apache.org/viewvc?rev=1417815&view=rev
Log:
Update changelog.
Modified:
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1417815&r1=1417814&r2=1417815&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Thu Dec 6 12:43:44 2012
@@ -218,7 +218,9 @@
handling of stale nonce values. (markt)
</fix>
<fix>
- Remove unneeded handling of FORM authentication in RealmBase. (kkolinko)
+ CVE-2012-3546: Fix bypass of security constraint checks with FORM
+ authentication. Remove unneeded processing in <code>RealmBase</code>.
+ (kkolinko)
</fix>
<fix>
<bug>53800</bug>: <code>FileDirContext.list()</code> did not provide
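Review bot: the reworded entry beginning "CVE-2012-3546: Fix bypass of security constraint checks" turns a routine cleanup note into a security disclosure, yet the log message for this revision is only "Update changelog.", so the disclosure cannot be found from the commit history. Suggest naming the CVE ids in the log message. Also, the CVE id here is bare text while bug ids in the same file use a dedicated element (`<bug>53800</bug>` in the next entry); if the changelog markup has no equivalent for CVE ids, keep the "CVE-YYYY-NNNN:" prefix form identical in every entry so it can be searched reliably.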
@@ -230,7 +232,9 @@
default value on Windows. (kkolinko)
</fix>
<fix>
- Improve session management in CsrfPreventionFilter. (kkolinko)
+ CVE-2012-4431: Fix bypass of <code>CsrfPreventionFilter</code> when
+ there is no session. Improve session management in the filter.
+ (kkolinko)
</fix>
</changelog>
</subsection>
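Review bot: in the CsrfPreventionFilter entry, the retained second sentence "Improve session management in the filter." reads as a separate change from the bypass fix in the first sentence. If both sentences describe the same change, say so in one sentence; if they are two changes, split them into two `<fix>` entries. A reader deciding whether a deployment was exposed needs to know that "there is no session" is the whole triggering condition.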
@@ -255,8 +259,9 @@
AJP. (markt)
</fix>
<fix>
- <bug>52858</bug>: Fix high CPU load with SSL, NIO and sendfile when
- client breaks the connection before reading all the requested data.
+ <bug>52858</bug>, CVE-2012-4534: Fix high CPU load with SSL, NIO and
+ sendfile when client breaks the connection before reading all the
+ requested data.
(fhanik/kkolinko)
</fix>
<fix>
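Review bot: the entry for bug 52858 attaches CVE-2012-4534 but keeps the original wording, "Fix high CPU load with SSL, NIO and sendfile", which still reads as a performance fix. The other two entries in this patch were reworded to state the security impact ("Fix bypass of ..."), so this one should say what the security consequence is as well. The id placement also differs: here it is `<bug>52858</bug>, CVE-2012-4534:` while the other entries lead with `CVE-...:`. Pick one order for entries that carry both a bug id and a CVE id.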