|
|
|
@ -67,7 +67,7 @@ NEWS
|
|
|
|
|
* decode url before matching in mod_rewrite (#1720)
|
|
|
|
|
* fixed conditional patching of ldap filter (#1564)
|
|
|
|
|
* Match headers case insensitive in response (removing of X-{Sendfile,LIGHTTPD-*}, catching Date/Server)
|
|
|
|
|
* fixed bug with case-insensitive filenames in mod_userdir (#1589), spotted by "anders1"
|
|
|
|
|
* fixed bug with case-insensitive filenames in mod_userdir (#1589), spotted by "anders1" (CVE-2008-4360)
|
|
|
|
|
* fixed format string bugs in mod_accesslog for SYSLOG
|
|
|
|
|
* replaced fprintf with log_error_write in fastcgi debug
|
|
|
|
|
* fixed mem leak in ssi expression parser (#1753), thx Take5k
|
|
|
|
@ -77,9 +77,9 @@ NEWS
|
|
|
|
|
* fix splitting of auth-ldap filter
|
|
|
|
|
* workaround ldap connection leak if a ldap connection failed (restarting ldap)
|
|
|
|
|
* fix auth.backend.ldap.bind-dn/pw problems (only read from global context for temporary ldap reconnects, thx ruskie)
|
|
|
|
|
* fix memleak in request header parsing (#1774, thx qhy)
|
|
|
|
|
* fix memleak in request header parsing (#1774, thx qhy) (CVE-2008-4298)
|
|
|
|
|
* fix mod_rewrite memleak/endless loop detection (#1775, thx phy - again!)
|
|
|
|
|
* use decoded url for matching in mod_redirect (#1720)
|
|
|
|
|
* use decoded url for matching in mod_redirect (#1720) (CVE-2008-4359)
|
|
|
|
|
|
|
|
|
|
- 1.4.19 - 2008-03-10
|
|
|
|
|
|
|
|
|
|