You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by co...@apache.org on 2014/07/14 22:23:28 UTC

svn commit: r1610514 - /httpd/httpd/branches/2.4.x/CHANGES

Author: covener
Date: Mon Jul 14 20:23:27 2014
New Revision: 1610514

URL: http://svn.apache.org/r1610514
Log:
add CGIDRequestTimeout to CHANGES


Modified:
    httpd/httpd/branches/2.4.x/CHANGES

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1610514&r1=1610513&r2=1610514&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Mon Jul 14 20:23:27 2014
@@ -16,7 +16,8 @@ Changes with Apache 2.4.10
   *) SECURITY: CVE-2014-0231 (cve.mitre.org)
      mod_cgid: Fix a denial of service against CGI scripts that do
      not consume stdin that could lead to lingering HTTPD child processes
-     filling up the scoreboard and eventually hanging the server.
+     filling up the scoreboard and eventually hanging the server. Adds
+     "CGIDRequestTimeout" directive.
      [Rainer Jung, Eric Covener, Yann Ylavic]
 
   *) mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions