author Jim Jagielski <jim@apache.org> 2008-01-02 19:29:59 +0000
committer Jim Jagielski <jim@apache.org> 2008-01-02 19:29:59 +0000
commit 2702f2eeea9e7ef8cf059128014145a3db97705a
tree f37675089cbd77ad3d07e0f1ee2451520304a8f6 /CHANGES
parent 08845c1f93cb5c280f540c8046f5c4ea022b79ee
http://svn.apache.org/viewvc?rev=606693&view=rev
http://svn.apache.org/viewvc?rev=607276&view=rev

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@608194 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 5
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 7dd99a6ccf..e55a69a17a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -17,6 +17,11 @@ Changes with Apache 2.0.62
shutdown of the server when the MaxClients is higher then 257,
in a more responsive manner [Mladen Turk, William Rowe]
+ *) Add explicit charset to the output of various modules to work around
+ possible cross-site scripting flaws affecting web browsers that do not
+ derive the response character set as required by RFC2616. One of these
+ reported by SecurityReason [Joe Orton]
+
*) http_protocol: Escape request method in 405 error reporting.
This has no security impact since the browser cannot be tricked
into sending arbitrary method strings. [Jeff Trawick]
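Review bot: The added entry says "various modules" without naming them or the charset that is now sent, so an administrator reading CHANGES cannot tell which responses changed; list the affected modules and the charset value in the entry. "One of these reported by SecurityReason" also leaves open which flaw was reported, and if an advisory identifier exists for it, the entry should cite it. Two style points on the same lines: the sentence before "[Joe Orton]" lacks the closing period that the neighbouring entries use, and "RFC2616" would read better as "RFC 2616".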