diff options
author | Jim Jagielski <jim@apache.org> | 2008-01-02 19:29:59 +0000 |
---|---|---|
committer | Jim Jagielski <jim@apache.org> | 2008-01-02 19:29:59 +0000 |
commit | 2702f2eeea9e7ef8cf059128014145a3db97705a (patch) | |
tree | f37675089cbd77ad3d07e0f1ee2451520304a8f6 /CHANGES | |
parent | 08845c1f93cb5c280f540c8046f5c4ea022b79ee (diff) | |
download | httpd-2702f2eeea9e7ef8cf059128014145a3db97705a.tar.gz |
http://svn.apache.org/viewvc?rev=606693&view=rev
http://svn.apache.org/viewvc?rev=607276&view=rev
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@608194 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -17,6 +17,11 @@ Changes with Apache 2.0.62 shutdown of the server when the MaxClients is higher then 257, in a more responsive manner [Mladen Turk, William Rowe] + *) Add explicit charset to the output of various modules to work around + possible cross-site scripting flaws affecting web browsers that do not + derive the response character set as required by RFC2616. One of these + reported by SecurityReason [Joe Orton] + *) http_protocol: Escape request method in 405 error reporting. This has no security impact since the browser cannot be tricked into sending arbitrary method strings. [Jeff Trawick] |