From ce11df346991d8e18c5efdab9e76c727a231f0fc Mon Sep 17 00:00:00 2001 From: Ruediger Pluem Date: Fri, 28 Dec 2007 16:41:50 +0000 Subject: [PATCH] * Add new proposals. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@607285 13f79535-47bb-0310-9956-ffa450edef68 --- STATUS | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/STATUS b/STATUS index 918448a09ec..7d41b0e0c30 100644 --- a/STATUS +++ b/STATUS @@ -76,6 +76,40 @@ CURRENT RELEASE NOTES: RELEASE SHOWSTOPPERS: + * Various modules: Add explicit charset to the output of various modules to + work around possible cross-site scripting flaws affecting web browsers that + do not derive the response character set as required by RFC2616. + Trunk version of patch: + http://svn.apache.org/viewvc?rev=606693&view=rev + http://svn.apache.org/viewvc?rev=607276&view=rev + Backport version for 2.2.x of patch: + http://people.apache.org/~rpluem/patches/utf7_fix_2.2.x.diff + +1: rpluem, + + * mod_status: Ensure refresh parameter is numeric to prevent a possible XSS + attack caused by redirecting to other URLs. + Trunk version of patch: + http://svn.apache.org/viewvc?rev=607282&view=rev + Backport version for 2.0.x of patch: + http://awe.com/e8f6ad05238f8/CVE-2007-6388-httpd-2.x.patch + +1: rpluem, + + * mod_proxy_balancer: Prevent crash in balancer manager if invalid balancer + name is passed as parameter. + Trunk version of patch: + http://svn.apache.org/viewvc?rev=607273&view=rev + Backport version for 2.2.x of patch: + Trunk version of patch works + +1: rpluem, + + * mod_proxy_balancer: Correctly escape the worker route and the worker + redirect string in the HTML output of the balancer manager. + Trunk version of patch: + http://svn.apache.org/viewvc?rev=607275&view=rev + Backport version for 2.2.x of patch: + Trunk version of patch works + +1: rpluem, + PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] -- 2.47.2