From: Ruediger Pluem Date: Fri, 28 Dec 2007 16:01:52 +0000 (+0000) Subject: * Fix CHANGES wording for r606693. X-Git-Tag: 2.3.0~1094 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=517eb52ed2c2f3728f5ea326005e04ebf43bd8a7;p=thirdparty%2Fapache%2Fhttpd.git * Fix CHANGES wording for r606693. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@607276 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index ff711bcb227..4434d903f3f 100644 --- a/CHANGES +++ b/CHANGES @@ -12,21 +12,10 @@ Changes with Apache 2.3.0 *) mod_deflate: Transform ETag when transforming the entity. PR 39727 [Henrik Nordstrom , Nick Kew] - *) mod_ldap: Set character set for status page to ISO-8859-1 to avoid - UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton] - - *) mod_proxy_balancer: Set character set for balancer manager to ISO-8859-1 - to avoid UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton] - - *) mod_proxy_ftp: Set character set for generated FTP directory listing to - ISO-8859-1 to avoid UTF-7 XSS vulnerabilities of certain browsers. - [Joe Orton] - - *) mod_info: Set character set for info page to ISO-8859-1 to avoid - UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton] - - *) mod_dav: Set character set for error pages to ISO-8859-1 to avoid - UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton] + *) Add explicit charset to the output of various modules to work around + possible cross-site scripting flaws affecting web browsers that do not + derive the response character set as required by RFC2616. One of these + reported by SecurityReason [Joe Orton] *) mod_ssl: Added server name indication support (RFC 4366). PR 34607. [Kaspar Brand ]