From: Ruediger Pluem Date: Fri, 28 Dec 2007 16:41:50 +0000 (+0000) Subject: * Add new proposals. X-Git-Tag: 2.2.7~62 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ce11df346991d8e18c5efdab9e76c727a231f0fc;p=thirdparty%2Fapache%2Fhttpd.git * Add new proposals. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@607285 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/STATUS b/STATUS index 918448a09ec..7d41b0e0c30 100644 --- a/STATUS +++ b/STATUS 
@@ -76,6 +76,40 @@ CURRENT RELEASE NOTES: RELEASE SHOWSTOPPERS: + * Various modules: Add explicit charset to the output of various modules to + work around possible cross-site scripting flaws affecting web browsers that + do not derive the response character set as required by RFC2616. + Trunk version of patch: + http://svn.apache.org/viewvc?rev=606693&view=rev + http://svn.apache.org/viewvc?rev=607276&view=rev + Backport version for 2.2.x of patch: + http://people.apache.org/~rpluem/patches/utf7_fix_2.2.x.diff + +1: rpluem, + + * mod_status: Ensure refresh parameter is numeric to prevent a possible XSS + attack caused by redirecting to other URLs. + Trunk version of patch: + http://svn.apache.org/viewvc?rev=607282&view=rev + Backport version for 2.0.x of patch: + http://awe.com/e8f6ad05238f8/CVE-2007-6388-httpd-2.x.patch + +1: rpluem, + + * mod_proxy_balancer: Prevent crash in balancer manager if invalid balancer + name is passed as parameter. + Trunk version of patch: + http://svn.apache.org/viewvc?rev=607273&view=rev + Backport version for 2.2.x of patch: + Trunk version of patch works + +1: rpluem, + + * mod_proxy_balancer: Correctly escape the worker route and the worker + redirect string in the HTML output of the balancer manager. + Trunk version of patch: + http://svn.apache.org/viewvc?rev=607275&view=rev + Backport version for 2.2.x of patch: + Trunk version of patch works + +1: rpluem, + PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ]
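Review bot: In the mod_status entry, the backport is labelled "Backport version for 2.0.x of patch", but this is the STATUS file of the 2.2.x branch and the other three entries all say "for 2.2.x". The linked file is named CVE-2007-6388-httpd-2.x.patch, so if it applies to 2.2.x as well, change the label to 2.2.x or say explicitly that the 2.x patch applies cleanly to this branch, so voters know what they are +1'ing. Separately, the four entries are added under RELEASE SHOWSTOPPERS, while the commit message calls them "new proposals" and the note at the end of the hunk asks for new proposals to start under PATCHES PROPOSED. If the placement is deliberate because these fixes should block the release, say so in the commit message.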