-rw-r--r-- ChangeLog 10
-rw-r--r-- lib/webrick/httpresponse.rb 2
-rw-r--r-- version.h 2
3 files changed, 9 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index cd6c93a591..28a818bbd4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,10 +1,14 @@
+Tue Aug 18 03:34:00 Kirk Haines <khaines@ruby-lang.org>
+
+ * lib/webrick/httpresponse.rb: CVE-2010-0541; Fix a potential XSS vulnerabilty. See the CVE report for more information.
+
Tue Aug 18 03:27:00 Kirk Haines <khaines@ruby-lang.org>
- * ext/bigdecimal/bigdecimal.c: Backport #2349 [ruby-core:26646]; fix comparisons. Also fix a bunch of bugs that lead to broken-ness and failing tests.
+ * ext/bigdecimal/bigdecimal.c: Backport #2349 [ruby-core:26646]; fix comparisons. Also fix a bunch of bugs that lead to broken-ness and failing tests. r29025
- * test/bigdecimal/test_bigdecimal.rb: Backport #2349 [ruby-core:26646]; added a test suite.
+ * test/bigdecimal/test_bigdecimal.rb: Backport #2349 [ruby-core:26646]; added a test suite. r29025
- * test/ruby/test_exception.rb: The test suite was breaking ZeroDivisionError, which in turn would break bigdecimal/test_bigdecimal.rb. Made a simple fix that keeps that test but does so non-destructively.
+ * test/ruby/test_exception.rb: The test suite was breaking ZeroDivisionError, which in turn would break bigdecimal/test_bigdecimal.rb. Made a simple fix that keeps that test but does so non-destructively. r29025
Wed Jun 23 04:26:00 Kirk Haines <khaines@ruby-lang.org>
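Review bot: The new entry at the top of the ChangeLog does not say what was changed in lib/webrick/httpresponse.rb; it only points the reader to the CVE report. State the fix itself, for example that the error response's Content-Type now carries an explicit charset, so the log can be read without looking up CVE-2010-0541. "vulnerabilty" should be "vulnerability". The r29025 suffixes appended to the three older entries are unrelated to this fix and would be cleaner in a separate commit.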
diff --git a/lib/webrick/httpresponse.rb b/lib/webrick/httpresponse.rb
index 62156b1abd..48fe4b07f8 100644
--- a/lib/webrick/httpresponse.rb
+++ b/lib/webrick/httpresponse.rb
@@ -209,7 +209,7 @@ module WEBrick
@keep_alive = false
self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR
end
- @header['content-type'] = "text/html"
+ @header['content-type'] = "text/html; charset=ISO-8859-1"
if respond_to?(:create_error_page)
create_error_page()
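Review bot: The charset is assigned on the line before "if respond_to?(:create_error_page)", so a custom create_error_page that emits its body in another encoding is now labelled ISO-8859-1 unless it overwrites the header itself. Document that expectation next to the assignment, together with a short comment on why the charset is declared at all (an explicit charset stops the browser from guessing the encoding of the error page). The commit touches only ChangeLog, httpresponse.rb and version.h, so there is no test asserting the Content-Type of an error response; one should be added alongside the fix.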
diff --git a/version.h b/version.h
index 8f5dd218bc..6faee54cd9 100644
--- a/version.h
+++ b/version.h
@@ -2,7 +2,7 @@
#define RUBY_RELEASE_DATE "2010-08-18"
#define RUBY_VERSION_CODE 186
#define RUBY_RELEASE_CODE 20100818
-#define RUBY_PATCHLEVEL 419
+#define RUBY_PATCHLEVEL 420
#define RUBY_VERSION_MAJOR 1
#define RUBY_VERSION_MINOR 8