You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apr.apache.org by jo...@apache.org on 2009/06/03 17:29:39 UTC
svn commit: r781433 - /apr/apr-util/branches/1.3.x/CHANGES
Author: jorton
Date: Wed Jun 3 15:29:39 2009
New Revision: 781433
URL: http://svn.apache.org/viewvc?rev=781433&view=rev
Log:
Document billion laughs fix -- CVE name has been requested but may take a while.
Modified:
apr/apr-util/branches/1.3.x/CHANGES
Modified: apr/apr-util/branches/1.3.x/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/CHANGES?rev=781433&r1=781432&r2=781433&view=diff
==============================================================================
--- apr/apr-util/branches/1.3.x/CHANGES [utf-8] (original)
+++ apr/apr-util/branches/1.3.x/CHANGES [utf-8] Wed Jun 3 15:29:39 2009
@@ -1,7 +1,9 @@
-*- coding: utf-8 -*-
Changes with APR-util 1.3.7
-
+ *) SECURITY:
+ Prevent the "billion laughs" attack against expat by default.
+ [Joe Orton]
Changes with APR-util 1.3.6