Posted to cvs@httpd.apache.org by bu...@apache.org on 2017/07/27 00:00:59 UTC
svn commit: r1016016 - in /websites/staging/httpd/trunk/content: ./
security/vulnerabilities-httpd.xml security/vulnerabilities_22.html
Author: buildbot
Date: Thu Jul 27 00:00:58 2017
New Revision: 1016016
Log:
Staging update by buildbot for httpd
Modified:
websites/staging/httpd/trunk/content/ (props changed)
websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml
websites/staging/httpd/trunk/content/security/vulnerabilities_22.html
Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Thu Jul 27 00:00:58 2017
@@ -1 +1 @@
-1803119
+1803126
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml Thu Jul 27 00:00:58 2017
@@ -486,10 +486,12 @@ to request B, polluting the cache or pot
a different downstream user-agent.
</p><p>
These defects are addressed with the release of Apache HTTP Server 2.4.25
-and coordinated by a new directive;<br />
+and coordinated by a new directive;
+</p>
<ul><li>
<a href="http://httpd.apache.org/docs/2.4/mod/core.html#httpprotocoloptions"
>HttpProtocolOptions Strict</a></li></ul>
+<p>
which is the default behavior of 2.4.25 and later. By toggling from 'Strict'
behavior to 'Unsafe' behavior, some of the restrictions may be relaxed to allow
some invalid HTTP/1.1 clients to communicate with the server, but this will
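Review bot: The added </p> and <p> leave one sentence split across three block elements: the first paragraph now ends on "and coordinated by a new directive;" and the new paragraph opens mid-sentence with a lowercase "which is the default behavior". Moving the <ul> out of the <p> is the right fix for the markup, but consider ending the lead-in with a colon and starting the following paragraph as a full sentence, for example "Strict is the default behavior of 2.4.25 and later." The link in the unchanged <li> still points at http://httpd.apache.org; switching it to https would be a reasonable follow-up while this block is being touched.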
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_22.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_22.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_22.html Thu Jul 27 00:00:58 2017
@@ -300,9 +300,13 @@ a different downstream user-agent.
</p>
<p>
These defects are addressed with the release of Apache HTTP Server 2.4.25
-and coordinated by a new directive;<br/>
-<ul><li>
-<a href="http://httpd.apache.org/docs/2.4/mod/core.html#httpprotocoloptions">HttpProtocolOptions Strict</a></li></ul>
+and coordinated by a new directive;
+</p>
+ <ul>
+ <li>
+<a href="http://httpd.apache.org/docs/2.4/mod/core.html#httpprotocoloptions">HttpProtocolOptions Strict</a></li>
+ </ul>
+ <p>
which is the default behavior of 2.4.25 and later. By toggling from 'Strict'
behavior to 'Unsafe' behavior, some of the restrictions may be relaxed to allow
some invalid HTTP/1.1 clients to communicate with the server, but this will
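Review bot: The added <ul>, <li>, </ul> and <p> lines carry a leading space while the <a href=...> line between them does not, so this output is indented inconsistently compared with the same change in vulnerabilities-httpd.xml. It does not affect rendering, but if this file is generated from the XML, the stray whitespace is worth tracing to the generation step so future diffs stay clean. The removed lines had the <ul> nested inside the open <p>, so also confirm that the <p> added before "which is the default behavior" is closed further down, since the closing tag is outside this hunk.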