The request smuggling issue did get assigned CAN-2005-2088.

author Paul Querna <pquerna@apache.org>

Fri, 8 Jul 2005 09:35:56 +0000 (09:35 +0000)

committer Paul Querna <pquerna@apache.org>

Fri, 8 Jul 2005 09:35:56 +0000 (09:35 +0000)
author Paul Querna <pquerna@apache.org>
Fri, 8 Jul 2005 09:35:56 +0000 (09:35 +0000)
committer Paul Querna <pquerna@apache.org>
Fri, 8 Jul 2005 09:35:56 +0000 (09:35 +0000)
diff --git a/CHANGES b/CHANGES

index 208d30948d7182767e752859618621796121d62c..e28e9300cf39761d6909e0f5c969f6b24d77a216 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -19,7 +19,7 @@ Changes with Apache 2.1.6
    *) Fix htdbm password validation for records which included comments.
       [Eric Covener <covener gmail.com>]
  
-  *) SECURITY: 
+  *) SECURITY: CAN-2005-2088
       proxy HTTP: If a response contains both Transfer-Encoding and a 
       Content-Length, remove the Content-Length and don't reuse the
       connection, stopping some HTTP Request smuggling attacks.
@@ -30,7 +30,7 @@ Changes with Apache 2.1.6
  
  Changes with Apache 2.1.5
  
-  *) SECURITY: 
+  *) SECURITY: CAN-2005-2088
       core: If a request contains both Transfer-Encoding and a Content-Length,
       remove the Content-Length, stopping some HTTP Request smuggling attacks.
       [Paul Querna]
author	Paul Querna <pquerna@apache.org>
	Fri, 8 Jul 2005 09:35:56 +0000 (09:35 +0000)
committer	Paul Querna <pquerna@apache.org>
	Fri, 8 Jul 2005 09:35:56 +0000 (09:35 +0000)