*) SECURITY: CVE-2014-3583 (cve.mitre.org)
mod_proxy_fcgi: Fix a potential crash due to buffer over-read, with
response headers' size above 8K. [Yann Ylavic, Jeff Trawick]
- *) event: Update the internal "connection id" when requests
- move from thread to thread. Reuse can confuse modules like
- mod_cgid. PR 57435. [Michael Thorpe <mike gistnet.com>]
*) SECURITY: CVE-2014-3581 (cve.mitre.org)
mod_cache: Avoid a crash when Content-Type has an empty value.
request headers earlier. Adds "MergeTrailers" directive to restore
legacy behavior. [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
+ *) mod_proxy_fcgi: Remove proxy:balancer:// prefix from SCRIPT_FILENAME
+ passed to fastcgi backends. [Eric Covener]
+
*) mod_ssl: Add support for extracting subjectAltName entries of type
rfc822Name and dNSName into SSL_{CLIENT,SERVER}_SAN_{Email,DNS}_n
environment variables. Also addresses PR 57207. [Kaspar Brand]
apr_status_t rv;
apr_size_t avail_len, len, required_len;
int next_elem, starting_elem;
+ char *proxyfilename = r->filename;
+
+ /* Strip balancer prefix */
+ if (r->filename && !strncmp(r->filename, "proxy:balancer://", 17)) {
+ char *newfname = apr_pstrdup(r->pool, r->filename+17);
+ newfname = ap_strchr(newfname, '/');
+ r->filename = newfname;
+ }
ap_add_common_vars(r);
ap_add_cgi_vars(r);
+
+ r->filename = proxyfilename;
/* XXX are there any FastCGI specific env vars we need to send? */