November 21, 2012

Important changes

One important fix for a denial of service (present in 1.4.31): CVE-2012-5533.


External references

Changes from 1.4.31

  • Code cleanup with clang/sparse (fixes #2437, thx kibi)
  • Ignore EPIPE/ECONNRESET after SSL_shutdown
  • Handle ENAMETOOLONG, return 404 Not Found (fixes #2396, thx dererkazo)
  • configure.ac: remove old stuff, add some new to fix warnings in automake 1.12 (fixes #2419, thx blino)
  • add PATCH method (fixes #2424)
  • fix :port handling in $HTTP["host"] checks (fixes #2135, thx liming)
  • network_server_init: fix double free and memleak on error (fixes #2440, thx kyprizel)
  • detect "x-gzip"/"x-bzip2" as separate encodings, more strict encoding matching (fixes #2443)
  • tests: make sure mod_proxy doesn’t leave running processes (fixes #2435, thx kibi)
  • mod_extforward: log address of untrusted proxy with debug.log-request-handling
  • fix DoS in Connection header value split (reported by Jesse Sipprell, CVE-2012-5533)
  • remove whitespace at end of header keys