Author: kkolinko
Date: Thu Dec 6 12:42:57 2012
New Revision: 1417814

URL: http://svn.apache.org/viewvc?rev=1417814&view=rev
Log:
Update changelog.

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1417814&r1=1417813&r2=1417814&view=diff ============================================================================== --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Thu Dec 6 12:42:57 2012 @@ -336,7 +336,8 @@ pending further discussion. (schultz) </fix> <fix> - Improve session management in <code>CsrfPreventionFilter</code>. + CVE-2012-4431: Fix bypass of <code>CsrfPreventionFilter</code> when + there is no session. Improve session management in the filter. (kkolinko) </fix> </changelog> @@ -570,7 +571,9 @@ (markt) </fix> <fix> - Remove unneeded handling of FORM authentication in RealmBase. (kkolinko) + CVE-2012-3546: Fix bypass of security constraint checks with FORM + authentication. Remove unneeded processing in <code>RealmBase</code>. + (kkolinko) </fix> <fix> <bug>53800</bug>: <code>FileDirContext.list()</code> did not provide @@ -1082,7 +1085,7 @@ <subsection name="Coyote"> <changelog> <fix> - <bug>52858</bug>: Correct fix for high CPU load + <bug>52858</bug>, CVE-2012-4534: Correct fix for high CPU load. (fhanik) </fix> <fix>
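
Review bot: in the first hunk (@@ -336,7 +336,8 @@), CVE-2012-4431 is added as plain text, while bug ids in this file are wrapped in markup (<bug>53800</bug>, <bug>52858</bug>). The rendered changelog therefore gives readers no pointer from the CVE id to an advisory. Consider marking up or linking the CVE ids the same way in all three entries so that security fixes can be found by more than a free-text search.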
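
Review bot: in the second hunk (@@ -570,7 +571,9 @@), the new entry puts "Fix bypass of security constraint checks with FORM authentication" and "Remove unneeded processing in <code>RealmBase</code>" side by side without saying how they relate. A reader cannot tell whether removing that processing is the fix for CVE-2012-3546 or an unrelated cleanup shipped in the same change. Suggest one sentence that states the relationship, or two separate <fix> items if they are independent.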
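
Review bot: in the third hunk (@@ -1082,7 +1085,7 @@), the Coyote entry attaches CVE-2012-4534 after the bug id with a comma, whereas the other two entries in this commit lead with "CVE-…: Fix bypass of …" and name the security effect. "Correct fix for high CPU load." does not tell the reader what the vulnerability is. If the issue is resource exhaustion, say so in the entry, and use the same "CVE-…:" ordering as the other two for consistency.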