Commit 5addf032 authored by Joe Orton's avatar Joe Orton
Browse files

- add the appropriate patch to complete the fix for CAN-2005-2088 

- random mod_proxy bugs are not showstoppers


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@208744 13f79535-47bb-0310-9956-ffa450edef68
parent 4e6130ce

STATUS

+5 −4
Original line number Diff line number Diff line
@@ -112,12 +112,13 @@ RELEASE SHOWSTOPPERS: 
    * Various fixes to T-E and C-L processing from trunk



      + proxy HTTP - ignore C-L and disable keepalive to origin server

        CAN-2005-2088

          http://people.apache.org/~trawick/20.te-cl.txt

        +1: trawick



    * proxy_http.c accepts TRACE with a body, violating RFC2616

        +1: trawick, jorton



      + core: strip C-L from any request with a T-E header

          http://people.apache.org/~jorton/ap_tevscl.diff

          (CVE CAN-2005-2088)

        +1: jorton



PATCHES ACCEPTED TO BACKPORT FROM TRUNK:

  [ please append new backports at the end of this list not the top. ]