Author: kkolinko
Date: Sun May 10 16:49:07 2015
New Revision: 1678578

URL: http://svn.apache.org/r1678578
Log:
Correct changelog entry for r1659537 / CVE-2014-0230
1) This is the first commit that introduced the "maxSwallowSize" feature in Tomcat 6. In Tomcat 7 this feature was implemented in a series of commits gradually improving the feature, thus a confusion from mentioning only the last one of those changes. 2) To simplify the patch, in Tomcat 6 this feature is configured via a system property instead of a Connector attribute. 3) Mention CVE number. Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1678578&r1=1678577&r2=1678578&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sun May 10 16:49:07 2015 @@ -79,9 +79,16 @@ filterInsecureProtocols method. (kkolinko/schultz) </fix> <fix> - When applying the <code>maxSwallowSize</code> limit to a connection read - that many bytes first before closing the connection to give the client a - chance to read the response. (markt) + CVE-2014-0230: Add a new system property + <code>org.apache.coyote.MAX_SWALLOW_SIZE</code> (defaults to 2MB) + that limits amount of data Tomcat will swallow if request body + has not been fully read during normal request processing, e.g. + for an aborted upload. (Note: in Tomcat 7 and later this feature is + configured by <code>maxSwallowSize</code> attribute on a connector). + When applying the limit to a connection try to read that many bytes + first before closing the connection to give the client a chance to + read the response. + (markt) </fix> <fix> <bug>57544</bug>: Fix a potential infinite loop when preparing a kept --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
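Review bot: The added text for CVE-2014-0230 says the property "defaults to 2MB" but does not say in what unit a value for org.apache.coyote.MAX_SWALLOW_SIZE is given, or whether the limit can be disabled. An administrator tuning this mitigation needs both, so state them in the entry or point to the system property reference. Two wording points in the same added lines: "limits amount of data" should read "limits the amount of data", and "configured by maxSwallowSize attribute" should read "configured by the maxSwallowSize attribute". The entry now describes two behaviours under one fix (the new limit, and reading up to that many bytes before closing the connection); putting the second in its own sentence beginning "When the limit is applied, ..." would make it clear that the connection is closed once the limit is reached.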