From: Ruediger Pluem Date: Wed, 2 Jan 2008 09:50:56 +0000 (+0000) Subject: * These are now backported. X-Git-Tag: 2.3.0~1065 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=96b3683a8c9a94194b51040d335ee6f5136423e7;p=apache * These are now backported. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@608063 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index e9a5795260..dac3197b43 100644 --- a/CHANGES +++ b/CHANGES @@ -2,20 +2,6 @@ Changes with Apache 2.3.0 [ When backported to 2.2.x, remove entry from this file ] - *) SECURITY: CVE-2007-6388 (cve.mitre.org) - mod_status: Ensure refresh parameter is numeric to prevent - a possible XSS attack caused by redirecting to other URLs. - Reported by SecurityReason. [Mark Cox, Joe Orton] - - *) SECURITY: CVE-2007-6421 (cve.mitre.org) - mod_proxy_balancer: Correctly escape the worker route and the worker - redirect string in the HTML output of the balancer manager. - Reported by SecurityReason. [Ruediger Pluem] - - *) SECURITY: CVE-2007-6422 (cve.mitre.org) - Prevent crash in balancer manager if invalid balancer name is passed - as parameter. Reported by SecurityReason. [Ruediger Pluem] - *) Introduce the ProxyFtpDirCharset directive, allowing the administrator to identify a default, or specific servers or paths which list their contents in other-than ISO-8859-1 charset (e.g. utf-8). [Ruediger Pluem] @@ -23,11 +9,6 @@ Changes with Apache 2.3.0 *) mod_dav: Fix evaluation of If-Match * and If-None-Match * conditionals. PR 38034 [Paritosh Shah ] - *) mod_dav: Adjust etag generation to produce identical results on 32-bit - and 64-bit platforms and avoid a regression with conditional PUT's on lock - and etag. PR 44152. - [Michael Clark , Ruediger Pluem] - *) mod_deflate: Transform ETag when transforming the entity. PR 39727 [Henrik Nordstrom , Nick Kew]
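Review bot: The three SECURITY entries removed in the first hunk (CVE-2007-6388, CVE-2007-6421, CVE-2007-6422) leave trunk's CHANGES with no pointer to where they now live, and the log message says only "These are now backported." Suggest naming the 2.2.x revision or release that carries them in the commit message. Someone auditing whether a build includes the mod_status refresh check and the mod_proxy_balancer escaping and crash fixes could then confirm the entries exist on the 2.2.x side, instead of inferring it from their absence here.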
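Review bot: The mod_dav etag entry removed in the second hunk (PR 44152) is an ordinary bug fix, yet it shares the one-line message "These are now backported" with three CVE entries. Suggest listing the removed entries by CVE and PR number in the log, so this removal is searchable by PR 44152 and is not read as part of the security changes. It is also worth confirming that the 2.2.x CHANGES entry keeps the wording about the regression with conditional PUT's on lock and etag, since this entry is the only place trunk recorded it.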