*) mod_dav: Fix improper encoding in PROPFIND responses. PR 56480.
+1: breser, rpluem, ylavic
-
-PATCHES PROPOSED TO BACKPORT FROM TRUNK:
- [ New proposals should be added at the end of the list ]
-
* SECURITY: CVE-2014-0231
mod_cgid: Fix a denial of service against CGI scripts that do
not consume stdin that could lead to lingering HTTPD child processes
2.2.x patch: http://people.apache.org/~covener/patches/httpd-2.2.x-cgid-script_timeout.diff
+1: covener, trawick, ylavic
+ * mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions
+ resumed by TLS session resumption (RFC 5077).
+ trunk patch: http://svn.apache.org/r1610311
+ 2.4.x patch: Trunk patch works modulo CHANGES
+ and compatibility note.
+ 2.2.x patch: http://people.apache.org/~rjung/patches/mod_ssl_session_resumption_timeout-2.2.patch
+ +1: rjung, ylavic, covener
+
+
+
+PATCHES PROPOSED TO BACKPORT FROM TRUNK:
+ [ New proposals should be added at the end of the list ]
+
+
* SECURITY: CVE-2014-0118 (cve.mitre.org)
mod_deflate: The DEFLATE input filter (inflates request bodies) now
limits the length and compression ratio of inflated request bodies to avoid
(modulo CHANGES)
+1: ylavic, breser
- * mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions
- resumed by TLS session resumption (RFC 5077).
- trunk patch: http://svn.apache.org/r1610311
- 2.4.x patch: Trunk patch works modulo CHANGES
- and compatibility note.
- 2.2.x patch: http://people.apache.org/~rjung/patches/mod_ssl_session_resumption_timeout-2.2.patch
- +1: rjung, ylavic
-
*) core: Detect incomplete request and response bodies, log an error and
forward it to the underlying filters. PR 55475 [Yann Ylavic]
trunk patch: http://svn.apache.org/r1538776
projects / thirdparty / apache / httpd.git / commitdiff
