author: André Malo <nd@apache.org> 2005-07-19 11:57:30 +0000
committer: André Malo <nd@apache.org> 2005-07-19 11:57:30 +0000
commit: bab0071e4e0dc8a56e68c34b2b54cf77df024dac
tree: e75ecdb087eaaa9c8520903f746dd465ab832eb7 /CHANGES
parent: 9022af073a76c40c6b1b920e0e8d1a4797dfef4c
mod_version_for_2.0.x branch:
* Merge 191323 to 219658 from branches/2.0.x

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/mod_version_for_2.0.x@219659 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 13
1 files changed, 13 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 3e51c2b053..4f6025588b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,19 @@ Changes with Apache 2.0.55
accompanying ap_version_t structure (minor MMN bump).
[André Malo]
+ *) SECURITY: CAN-2005-2088
+ core: If a request contains both Transfer-Encoding and Content-Length
+ headers, remove the Content-Length, mitigating some HTTP Request
+ Splitting/Spoofing attacks. [Paul Querna, Joe Orton]
+
+ *) proxy HTTP: If a response contains both Transfer-Encoding and a
+ Content-Length, remove the Content-Length and don't reuse the
+ connection, mitigating some HTTP Response Splitting attacks.
+ [Jeff Trawick]
+
+ *) Prevent hangs of child processes when writing to piped loggers at
+ the time of graceful restart. PR 26467. [Jeff Trawick]
+
*) SECURITY: CAN-2005-1268 (cve.mitre.org)
mod_ssl: Fix off-by-one overflow whilst printing CRL information
at "LogLevel debug" which could be triggered if configured
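Review bot: the second added entry ("proxy HTTP: If a response contains both Transfer-Encoding and a Content-Length ...") describes a mitigation for HTTP Response Splitting but, unlike the core entry directly above it, carries no "SECURITY:" marker or CAN identifier, so anyone scanning CHANGES for security fixes will miss the proxy-side half of this change. If it is meant as a security fix, tag it the same way as the core entry; if it is deliberately untagged, a short note saying it is hardening only would avoid the ambiguity. A smaller style point on the first added line: "SECURITY: CAN-2005-2088" omits the "(cve.mitre.org)" suffix that the existing "SECURITY: CAN-2005-1268 (cve.mitre.org)" entry further down uses, so the two security entries in the same release section are formatted differently. Neither entry says whether the Transfer-Encoding header is then honoured as the sole framing; stating that explicitly in the core entry would make the resulting behaviour clear to administrators reading the changelog.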