You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@apr.apache.org by jo...@apache.org on 2009/06/03 17:37:45 UTC

svn commit: r781436 - /apr/apr-util/branches/1.3.x/CHANGES

Author: jorton
Date: Wed Jun  3 15:37:44 2009
New Revision: 781436

URL: http://svn.apache.org/viewvc?rev=781436&view=rev
Log:
Expand the description.

Modified:
    apr/apr-util/branches/1.3.x/CHANGES

Modified: apr/apr-util/branches/1.3.x/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?rev=781436&r1=781435&r2=781436&view=diff
==============================================================================
--- apr/apr-util/branches/1.3.x/CHANGES [utf-8] (original)
+++ apr/apr-util/branches/1.3.x/CHANGES [utf-8] Wed Jun  3 15:37:44 2009
@@ -2,7 +2,8 @@
 Changes with APR-util 1.3.7
 
   *) SECURITY:        
-     Prevent the "billion laughs" attack against expat by default.
+     Fix a denial of service attack against the apr_xml_* interface
+     using the "billion laughs" entity expansion technique.
      [Joe Orton]
 
 Changes with APR-util 1.3.6