serios info leakage!

author Daniel Stenberg <daniel@haxx.se>

Sun, 3 Aug 2003 21:33:25 +0000 (21:33 +0000)

committer Daniel Stenberg <daniel@haxx.se>

Sun, 3 Aug 2003 21:33:25 +0000 (21:33 +0000)
author Daniel Stenberg <daniel@haxx.se>
Sun, 3 Aug 2003 21:33:25 +0000 (21:33 +0000)
committer Daniel Stenberg <daniel@haxx.se>
Sun, 3 Aug 2003 21:33:25 +0000 (21:33 +0000)
diff --git a/CHANGES b/CHANGES

index 138d7c4bba3c224884f74b18b0cb34ff3b62c1aa..94a5318a103ada8fcfb8bbe4cb6e9424e70b9521 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,14 @@
  
                                    Changelog
  
+Daniel (3 August)
+- When proxy authentication is used in a CONNECT request (as used for all SSL
+  connects and otherwise enforced tunnel-thru-proxy requests), the same
+  authentication header is also wrongly sent to the remote host.
+
+  This is a rather significant info leak. I've fixed it now and mailed a patch
+  and warning to the mailing lists.
+
  Daniel (1 August)
  - David Byron provided a patch to make 7.10.6 build correctly with the
    compressed hugehelp.c source file.
author	Daniel Stenberg <daniel@haxx.se>
	Sun, 3 Aug 2003 21:33:25 +0000 (21:33 +0000)
committer	Daniel Stenberg <daniel@haxx.se>
	Sun, 3 Aug 2003 21:33:25 +0000 (21:33 +0000)