|
version 1.1.1.1, 2013/10/14 10:32:47
|
version 1.1.1.2, 2014/06/15 20:20:05
|
|
Line 3
|
Line 3
|
| NEWS |
NEWS |
| ==== |
==== |
| |
|
| - 1.4.33 - | - 1.4.35 |
| | * [network/ssl] fix build error if TLSEXT is disabled |
| | * [mod_fastcgi] fix use after free (only triggered if fastcgi debug is active) |
| | * [mod_rrdtool] fix invalid read (string not null terminated) |
| | * [mod_dirlisting] fix memory leak if pcre fails |
| | * [mod_fastcgi,mod_scgi] fix resource leaks on spawning backends |
| | * [mod_magnet] fix memory leak |
| | * add comments for switch fall throughs |
| | * remove logical dead code |
| | * [buffer] fix length check in buffer_is_equal_right_len |
| | * fix resource leaks in error cases on config parsing and other initializations |
| | * add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) |
| | * [mod_cml_lua] fix null pointer dereference |
| | * force assertion: setting FD_CLOEXEC must work (if available) |
| | * [network] check return value of lseek() |
| | * fix unchecked return values from stream_open/stat_cache_get_entry |
| | * [mod_webdav] fix logic error in handling file creation error |
| | * check length of unix domain socket filenames |
| | * fix SQL injection / host name validation (thx Jann Horn) |
| | |
| | - 1.4.34 |
| | * [mod_auth] explicitly link ssl for SHA1 (fixes #2517) |
| | * [mod_extforward] fix compilation without IPv6, (not) using undefined var (fixes #2515, thx mm) |
| | * [ssl] fix SNI handling; only use key+cert from SNI specific config (fixes #2525, CVE-2013-4508) |
| | * [doc] update ssl.cipher-list recommendation |
| | * [stat-cache] FAM: fix use after free (CVE-2013-4560) |
| | * [stat-cache] fix FAM cleanup/fdevent handling |
| | * [core] check success of setuid,setgid,setgroups (CVE-2013-4559) |
| | * [ssl] fix regression from CVE-2013-4508 (client-cert sessions were broken) |
| | * maintain physical.basedir (the "acting" doc-root as prefix of physical.path) in more places |
| | * [core] decode URL before rewrite, enabling it to work in $HTTP["url"] conditionals (fixes #2526) |
| | * [auto* build] remove -no-undefined from linker flags, as we actually link modules with undefined symbols (fixes #2533) |
| | * [mod_mysql_vhost] fix memory leak on config init (#2530) |
| | * [mod_webdav] fix fd leak found with parfait (fixes #2530, thx kukackajiri) |
| | |
| | - 1.4.33 - 2013-09-27 |
| * mod_fastcgi: fix mix up of "mode" => "authorizer" in other fastcgi configs (fixes #2465, thx peex) |
* mod_fastcgi: fix mix up of "mode" => "authorizer" in other fastcgi configs (fixes #2465, thx peex) |
| * fix handling of If-Modified-Since if If-None-Match is present (don't return 412 for date parsing errors); |
* fix handling of If-Modified-Since if If-None-Match is present (don't return 412 for date parsing errors); |
| follow current draft for HTTP/1.1, which tells us to ignore If-Modified-Since if we have matching etags. |
follow current draft for HTTP/1.1, which tells us to ignore If-Modified-Since if we have matching etags. |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to NEWS CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / lighttpd