From: Ruediger Pluem Date: Fri, 28 Dec 2007 16:01:52 +0000 (+0000) Subject: * Fix CHANGES wording for r606693. X-Git-Tag: 2.3.0~1094 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=517eb52ed2c2f3728f5ea326005e04ebf43bd8a7;p=apache * Fix CHANGES wording for r606693. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@607276 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index ff711bcb22..4434d903f3 100644 --- a/CHANGES +++ b/CHANGES @@ -12,21 +12,10 @@ Changes with Apache 2.3.0 *) mod_deflate: Transform ETag when transforming the entity. PR 39727 [Henrik Nordstrom , Nick Kew] - *) mod_ldap: Set character set for status page to ISO-8859-1 to avoid - UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton] - - *) mod_proxy_balancer: Set character set for balancer manager to ISO-8859-1 - to avoid UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton] - - *) mod_proxy_ftp: Set character set for generated FTP directory listing to - ISO-8859-1 to avoid UTF-7 XSS vulnerabilities of certain browsers. - [Joe Orton] - - *) mod_info: Set character set for info page to ISO-8859-1 to avoid - UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton] - - *) mod_dav: Set character set for error pages to ISO-8859-1 to avoid - UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton] + *) Add explicit charset to the output of various modules to work around + possible cross-site scripting flaws affecting web browsers that do not + derive the response character set as required by RFC2616. One of these + reported by SecurityReason [Joe Orton] *) mod_ssl: Added server name indication support (RFC 4366). PR 34607. [Kaspar Brand ]