Posted to dev@tomcat.apache.org by kk...@apache.org on 2012/12/06 13:43:44 UTC

svn commit: r1417815 - /tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Author: kkolinko
Date: Thu Dec  6 12:43:44 2012
New Revision: 1417815

URL: http://svn.apache.org/viewvc?rev=1417815&view=rev
Log:
Update changelog.

Modified:
    tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1417815&r1=1417814&r2=1417815&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Thu Dec  6 12:43:44 2012
@@ -218,7 +218,9 @@
         handling of stale nonce values. (markt)
       </fix>
       <fix>
-        Remove unneeded handling of FORM authentication in RealmBase. (kkolinko)
+        CVE-2012-3546: Fix bypass of security constraint checks with FORM
+        authentication. Remove unneeded processing in <code>RealmBase</code>.
+        (kkolinko)
       </fix>
       <fix>
         <bug>53800</bug>: <code>FileDirContext.list()</code> did not provide
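Review bot: The second sentence of the new entry, "Remove unneeded processing in <code>RealmBase</code>", no longer says what was removed, whereas the line it replaces named it as handling of FORM authentication. Keeping that wording ("Remove unneeded handling of FORM authentication in <code>RealmBase</code>") would tie the CVE-2012-3546 label to the specific change and keep the entry findable for anyone searching for the earlier text.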
@@ -230,7 +232,9 @@
         default value on Windows. (kkolinko)
       </fix>
       <fix>
-        Improve session management in CsrfPreventionFilter. (kkolinko)
+        CVE-2012-4431: Fix bypass of <code>CsrfPreventionFilter</code> when
+        there is no session. Improve session management in the filter.
+        (kkolinko)
       </fix>
     </changelog>
   </subsection>
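Review bot: The CVE-2012-4431 entry gives no pointer to the code change that carried the fix, so a reader checking whether a given build includes it has only the CVE id and the phrase "when there is no session" to go on. Consider citing the fixing revision in the entry. Since the commit log reads only "Update changelog.", it would also help to name the CVE ids there so the relabelling of these entries as security fixes shows up in the history.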
@@ -255,8 +259,9 @@
         AJP. (markt)
       </fix>
       <fix>
-        <bug>52858</bug>: Fix high CPU load with SSL, NIO and sendfile when
-        client breaks the connection before reading all the requested data.
+        <bug>52858</bug>, CVE-2012-4534: Fix high CPU load with SSL, NIO and
+        sendfile when client breaks the connection before reading all the
+        requested data.
         (fhanik/kkolinko)
       </fix>
       <fix>
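Review bot: The added line "<bug>52858</bug>, CVE-2012-4534: Fix high CPU load with SSL, NIO and" places the CVE id after the bug reference, while the two entries changed earlier in this patch lead with the CVE id followed by a colon. Pick one order for all three so the security fixes are easy to scan for. The text also still reads as a performance fix; stating that a client triggers the condition by breaking the connection, and that the effect is a denial of service, would make the reason for the CVE label clear.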


