You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by kk...@apache.org on 2014/02/25 15:04:17 UTC
svn commit: r1571700 - /tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Author: kkolinko
Date: Tue Feb 25 14:04:17 2014
New Revision: 1571700
URL: http://svn.apache.org/r1571700
Log:
Add CVE numbers to changelog.
Modified:
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1571700&r1=1571699&r2=1571700&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Tue Feb 25 14:04:17 2014
@@ -171,10 +171,12 @@
<code>true</code>. (markt)
</fix>
<fix>
+ Fix CVE-2014-0033:
Ensure that sessions IDs are not parsed from URLs for Contexts where
<code>disableURLRewriting</code> is <code>true</code>. (markt)
</fix>
<add>
+ Fix CVE-2013-4590:
Add an option to the Context to control the blocking of XML external
entities when parsing XML configuration files and enable this blocking
by default when a security manager is used. The block is implemented via
@@ -212,11 +214,12 @@
(markt)
</fix>
<fix>
+ Fix CVE-2013-4286:
Better adherence to RFC2616 for content-length headers. (markt)
</fix>
<fix>
- Add support for limiting the size of chunk extensions when using chunked
- encoding. (markt)
+ Fix CVE-2013-4322: Add support for limiting the size of chunk extensions
+ when using chunked encoding. (markt)
</fix>
<fix>
<bug>55749</bug>: Improve the error message when SSLEngine is disabled
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org