You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by kk...@apache.org on 2011/09/27 00:54:38 UTC

svn commit: r1176118 - /tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml

Author: kkolinko
Date: Mon Sep 26 22:54:37 2011
New Revision: 1176118

URL: http://svn.apache.org/viewvc?rev=1176118&view=rev
Log:
Add issue that was missed in changelog (r1172317).
Add CVE number to DIGEST authentication issue.

Modified:
    tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml

Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml?rev=1176118&r1=1176117&r2=1176118&view=diff
==============================================================================
--- tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml (original)
+++ tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Mon Sep 26 22:54:37 2011
@@ -119,8 +119,8 @@
         (markt)
       </fix>
       <add>
-        Add additional configuration options to the DIGEST authenticator.
-        (markt)
+        CVE-2011-1184: Add additional configuration options to the DIGEST
+        authenticator. (markt)
       </add>
     </changelog>
   </subsection>
@@ -148,6 +148,10 @@
         <bug>51698</bug>: Fix CVE-2011-3190. Prevent AJP message injection.
         (markt)
       </fix>
+      <add>
+        Detect incomplete AJP messages and reject the associated request if one
+        is found. (markt) 
+      </add>
     </changelog>
   </subsection>
   <subsection name="Jasper">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org