Hi,
OK with me. I've one outstanding patch related to fail on status. I
think Ben short is testing today. I wrote mails about it to the user
list and the patch is not committed yet. It's
http://people.apache.org/~rjung/mod_jk-dev/patches/fail-on-status.patch
(in short: fail on status has to be moved to a place a little earlier,
because at the moment headers are set before fail on status. So if we do
a retry and get different headers back, we produce an answer with an
undefined mix of headers. In the users case we set Content-Length from
the failure response, and the retry on another node succeeded with a
chunked encoding ...)
Also there is one outstanding fix concerning nsapi on netware (which now
has an unneeded dependency on shm).
We could review all changes since 1.2.24 (that's not much) and then skip
the quality check phase, instead directly roll an oficial test/vote
tarball. Would tomorrow be OK for that?
Regards,
Rainer
Mladen Turk wrote:
Hi,
We have a problem with 1.2.24 that luckily is not security leak,
but it is security related.
The problem is that 401 from Tomcat without body
(a standard HTTP_UNAUTHORIZED) is treated as 401, meaning
that Apache is returning 401 page instead passing 401
to the client.
I already patched the SVN.
Can we roll 1.2.25?
Regards,
Mladen.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
