Project

General

Profile

Release Info

  • Version: 1.4.32
  • Previous version: 1.4.31
  • Branch: 1.4
  • Status: stable
  • Release Purpose: security fixes, bug fixes
  • Release manager: stbuehler
  • Released date: 2012-11-21

Important changes from 1.4.31

One important denial of service (in 1.4.31) fix: CVE-2012-5533.

Downloads

Changes from 1.4.31

  • Code cleanup with clang/sparse (fixes #2437, thx kibi)
  • Ignore EPIPE/ECONNRESET after SSL_shutdown
  • Handle ENAMETOOLONG, return 404 Not Found (fixes #2396, thx dererkazo)
  • configure.ac: remove old stuff, add some new to fix warnings in automake 1.12 (fixes #2419, thx blino)
  • add PATCH method (fixes #2424)
  • fix :port handling in $HTTP["host"] checks (fixes #2135. thx liming)
  • network_server_init: fix double free and memleak on error (fixes #2440, thx kyprizel)
  • detect "x-gzip"/"x-bzip2" as separate encodings, more strict encoding matching (fixes #2443)
  • tests: make sure mod_proxy doesn't leave running processes (fixes #2435, thx kibi)
  • mod_extforward: log address of untrusted proxy with debug.log-request-handling
  • fix DoS in Connection header value split (reported by Jesse Sipprell, CVE-2012-5533)
  • remove whitespace at end of header keys

External references