diff options
author | wyhaines <wyhaines@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-01-10 15:18:04 +0000 |
---|---|---|
committer | wyhaines <wyhaines@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-01-10 15:18:04 +0000 |
commit | 576a34957e4a5952cc99117283d5298c7efa9ea7 (patch) | |
tree | ee741f7c902819ee8ec8eecb3c1bde573bf44f26 /ChangeLog | |
parent | 64a96d6dfe6c2d352134809906b1d15965794fac (diff) |
Fix to escape logs in order to avoid escape sequence injection bug. Also inserted an old comment into ChangeLog for a change that got missed last year.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_8_6@26274 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 18 |
1 files changed, 17 insertions, 1 deletions
@@ -1,6 +1,16 @@ +Sun Jan 10 8:00:00 2010 Kirk Haines <khaines@ruby-lang.org> + + * lib/webrick/accesslog.rb : Added escape fixes for logs to fix a log injection attack. + + * lib/webrick/httpstatus.rb : Added escape fixes for logs to fix a log injection attack. + + * lib/webrick/httprequest.rb : Added escape fixes for logs to fix a log injection attack. + + * lib/webrick/httputils.rb : Added escape fixes for logs to fix a log injection attack. + Thu Nov 19 2:44:00 2009 Kirk Haines <khaines@ruby-lang.org> - * gc.c: backport r24713 which adds a check for freelist exhaustion in gc_sweep; this prevents segfaults from certain tight loops. An example test case: Time.now while true + * gc.c: backport r24713 which adds a check for freelist exhaustion in gc_sweep; this prevents segfaults from certain tight loops. An example test case: Time.now while true. r25871 Fri Aug 28 12:54:00 2009 Kirk Haines <khaines@ruby-lang.org> @@ -70,6 +80,12 @@ Thu Jul 9 11:22:00 2009 Kirk Haines <khaines@ruby-lang.org> * test/ostruct/test_ostruct.rb: Modified tests to fit the #inspect fix. +Thu Jul 7 12:31:58 2009 Kirk Haines <khaines@ruby-lang.org> + + * gc.c: Fix method scoping bug. r24030 + + * eval.c: Fix method scoping bug. r24030 + Mon Jun 8 12:46:00 2009 Kirk Haines <khaines@ruby-lang.org> * lib/soap/mimemessage.rb: Fixed a typo -- conent -> content |