author wyhaines <wyhaines@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2010-01-10 15:18:04 +0000
committer wyhaines <wyhaines@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2010-01-10 15:18:04 +0000
commit 576a34957e4a5952cc99117283d5298c7efa9ea7
tree ee741f7c902819ee8ec8eecb3c1bde573bf44f26 /ChangeLog
parent 64a96d6dfe6c2d352134809906b1d15965794fac
Fix to escape logs in order to avoid escape sequence injection bug. Also inserted an old comment into ChangeLog for a change that got missed last year.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@26274 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 18
1 files changed, 17 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 62638f9793..1691e7c167 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,16 @@
+Sun Jan 10 8:00:00 2010 Kirk Haines <khaines@ruby-lang.org>
+
+ * lib/webrick/accesslog.rb : Added escape fixes for logs to fix a log injection attack.
+
+ * lib/webrick/httpstatus.rb : Added escape fixes for logs to fix a log injection attack.
+
+ * lib/webrick/httprequest.rb : Added escape fixes for logs to fix a log injection attack.
+
+ * lib/webrick/httputils.rb : Added escape fixes for logs to fix a log injection attack.
+
Thu Nov 19 2:44:00 2009 Kirk Haines <khaines@ruby-lang.org>
- * gc.c: backport r24713 which adds a check for freelist exhaustion in gc_sweep; this prevents segfaults from certain tight loops. An example test case: Time.now while true
+ * gc.c: backport r24713 which adds a check for freelist exhaustion in gc_sweep; this prevents segfaults from certain tight loops. An example test case: Time.now while true. r25871
Fri Aug 28 12:54:00 2009 Kirk Haines <khaines@ruby-lang.org>
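Review bot: The four new lib/webrick entries under "Sun Jan 10" repeat the same sentence, "Added escape fixes for logs to fix a log injection attack.", without saying which logged values are now escaped or which characters are affected, and the commit message describes the issue as escape sequence injection rather than log injection. Suggest one entry that lists accesslog.rb, httpstatus.rb, httprequest.rb and httputils.rb together and states what is escaped before it reaches the log, so that someone auditing this branch can tell from the ChangeLog what to verify. Two smaller points: the new entries write "accesslog.rb :" with a space before the colon while the neighbouring entry uses "gc.c:", and in the modified gc.c line the appended "r25871" follows "Time.now while true." so closely that it reads as part of the test case; setting the revision apart (for example in parentheses) would avoid that.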
@@ -70,6 +80,12 @@ Thu Jul 9 11:22:00 2009 Kirk Haines <khaines@ruby-lang.org>
* test/ostruct/test_ostruct.rb: Modified tests to fit the #inspect fix.
+Thu Jul 7 12:31:58 2009 Kirk Haines <khaines@ruby-lang.org>
+
+ * gc.c: Fix method scoping bug. r24030
+
+ * eval.c: Fix method scoping bug. r24030
+
Mon Jun 8 12:46:00 2009 Kirk Haines <khaines@ruby-lang.org>
* lib/soap/mimemessage.rb: Fixed a typo -- conent -> content
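Review bot: The date header on the added entry, "Thu Jul 7 12:31:58 2009", has a weekday that cannot be right, because the entry directly above it in this hunk is "Thu Jul 9 11:22:00 2009" and two days earlier is a Tuesday; either the weekday or the day of the month needs correcting. The gc.c and eval.c lines also carry the identical text "Fix method scoping bug. r24030", which does not say what changed in each file; a short per-file description, or a single entry naming both files, would make this retroactive note more useful.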