You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2012/07/04 16:14:30 UTC
svn commit: r1357274 - /httpd/httpd/trunk/CHANGES
Author: covener
Date: Wed Jul 4 14:14:30 2012
New Revision: 1357274
URL: http://svn.apache.org/viewvc?rev=1357274&view=rev
Log:
zap recent backports
Modified:
httpd/httpd/trunk/CHANGES
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1357274&r1=1357273&r2=1357274&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Wed Jul 4 14:14:30 2012
@@ -1,11 +1,6 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
- *) SECURITY: CVE-2012-2687 (cve.mitre.org)
- mod_negotiation: Escape filenames in variant list to prevent an
- possible XSS for a site where untrusted users can upload files to
- a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]
-
*) mod_rewrite: Add "AllowAnyURI" option. PR 52774. [Joe Orton]
*) mod_ssl: Add RFC 5878 support. [Ben Laurie]
@@ -37,9 +32,6 @@ Changes with Apache 2.5.0
for TLS, RFC 5054). PR 51075. [Quinn Slack <sqs cs stanford edu>,
Christophe Renou, Peter Sylvester]
- *) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled).
- [Paul Wouters <pwouters redhat.com>, Joe Orton]
-
*) mod_ssl: Add new directive SSLCompression to disable TLS-level
compression. PR 53219. [Björn Jacke <bjoern j3e de>, Stefan Fritsch]
@@ -63,10 +55,6 @@ Changes with Apache 2.5.0
*) mod_proxy_ajp: Reduce memory usage in case of many keep-alive requests on
one connection. PR 52275. [Naohiro Ooiwa <naohiro ooiwa miraclelinux com>]
- *) mod_proxy: Use the the same hostname for SNI as for the HTTP request when
- forwarding to SSL backends. PR 53134.
- [Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]
-
*) mod_ssl: Add support for TLS Next Protocol Negotiation. PR 52210.
[Matthew Steele <mdsteele google.com>]
@@ -86,10 +74,6 @@ Changes with Apache 2.5.0
*) mod_authz_core: Fix parsing of Require arguments in <AuthzProviderAlias>.
PR 53048. [Stefan Fritsch]
- *) core: Fix error handling in ap_scan_script_header_err_brigade() if there
- is no EOS bucket in the brigade. Fixes segfault with mod_proxy_fcgi.
- PR 48272. [Stefan Fritsch]
-
*) mod_proxy_fcgi: If there is an error reading the headers from the
backend, send an error to the client. PR 52879. [Stefan Fritsch]