]> granicus.if.org Git - apache/commitdiff
projects / apache / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0fedd72)
add entry for r1209436 (CVE-2011-4317)
authorJeff Trawick <trawick@apache.org>
Thu, 19 Jan 2012 22:29:21 +0000 (22:29 +0000)
committerJeff Trawick <trawick@apache.org>
Thu, 19 Jan 2012 22:29:21 +0000 (22:29 +0000)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1233609 13f79535-47bb-0310-9956-ffa450edef68

CHANGES patch | blob | history

diff --git a/CHANGES b/CHANGES
index 75a5b203de5703025a1abd9c7d94b6e57d59d937..713d756e3b7e7c9381f3a9a1f27dccc64382453a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -36,6 +36,12 @@ Changes with Apache 2.4.0
 
 Changes with Apache 2.3.16
 
+  *) SECURITY: CVE-2011-4317 (cve.mitre.org)
+     Resolve additional cases of URL rewriting with ProxyPassMatch or
+     RewriteRule, where particular request-URIs could result in undesired
+     backend network exposure in some configurations.
+     [Joe Orton]
+
   *) core: Limit line length in .htaccess to 8K like in 2.2.x, to avoid
      additional DoS potential. [Stefan Fritsch]
 
Unnamed repository; edit this file 'description' to name the repository.