Commit 8631caa1 authored by Yann Ylavic's avatar Yann Ylavic
Browse files

CVE-2017-9798 disclosed, amend CHANGES entry for 

https://svn.apache.org/r1807754



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1808787 13f79535-47bb-0310-9956-ffa450edef68
parent 743bb839

CHANGES

+5 −3
Original line number Diff line number Diff line 
                                                         -*- coding: utf-8 -*-

Changes with Apache 2.4.28



  *) SECURITY: CVE-2017-9798 (cve.mitre.org)

     Corrupted or freed memory access. <Limit[Except]> must now be used in the

     main configuration file (httpd.conf) to register HTTP methods before the

     .htaccess files.  [Yann Ylavic]



  *) mod_proxy_wstunnel: Allow upgrade to any protocol dynamically.

     PR 61142.
@@ -13,9 +18,6 @@ Changes with Apache 2.4.28 


  *) build: allow configuration without APR sources.  [Jacob Champion]



  *) core: Disallow Methods' registration at runtime (.htaccess), they may be

     used only if registered at init time (httpd.conf).  [Yann Ylavic]



  *) mod_ssl, ab: Fix compatibility with LibreSSL.  PR 61184.

     [Bernard Spil <brnrd freebsd.org>, Michael Schlenker <msc contact.de>,

      Yann Ylavic]