Commit 147550f2 authored by William A. Rowe Jr

Document CHANGES

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1774065 13f79535-47bb-0310-9956-ffa450edef68
parent e4eb74bb
+11 −3
@@ -22,6 +22,17 @@ Changes with Apache 2.4.24
     MAC (SipHash) to prevent deciphering or tampering with a padding
     oracle attack.  [Yann Ylavic, Colm MacCarthaigh]

  *) SECURITY: CVE-2016-8743 (cve.mitre.org)
     Enforce HTTP request grammar corresponding to RFC7230 for request lines
     and request headers, to prevent response splitting and cache pollution by
     malicious clients or downstream proxies. [William Rowe, Stefan Fritsch]

  *) Validate HTTP response header grammar defined by RFC7230, resulting
     in a 500 error in the event that invalid response header contents are
     detected when serving the response, to avoid response splitting and cache
     pollution by malicious clients, upstream servers or faulty modules.
     [Stefan Fritsch, Eric Covener, Yann Ylavic]

  *) mod_socache_memcache: Provide memcache stats to mod_status.
     [Jim Jagielski]

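Review bot: The second added entry, "Validate HTTP response header grammar defined by RFC7230", carries no SECURITY tag, CVE reference or component prefix, although it names the same response splitting and cache pollution risk as the CVE-2016-8743 entry directly above it. Please state whether it is part of that CVE fix or separate hardening, and give it a component prefix in the style of the neighbouring "mod_socache_memcache:" entry. Since it introduces a 500 error where a response was previously served, operators running faulty modules will look for this entry by component name.
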
@@ -40,9 +51,6 @@ Changes with Apache 2.4.24
     'parent-first' instead of 'none', as per documentation.  PR 60419
     [Christophe Jaillet]

  *) Enforce http request grammer corresponding to RFC7230 for request lines
     and request headers [William Rowe, Stefan Fritsch]

  *) core: New directive HttpProtocolOptions to control httpd enforcement
     of various RFC7230 requirements. [Stefan Fritsch, William Rowe]
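Review bot: Removing the old "Enforce http request grammer" entry here leaves the HttpProtocolOptions entry on its own, well away from the new SECURITY entry whose enforcement it controls, and neither entry refers to the other. Suggest adding a short pointer to HttpProtocolOptions at the end of the CVE-2016-8743 entry, or moving this directive entry up beside it, so that someone reading the security note learns the enforcement is configurable. The log message "Document CHANGES" also does not say that the change assigns a CVE to an existing entry; naming CVE-2016-8743 there would make the revision findable from the advisory.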