11b8c01a4d
Changes with mod_fcgid 2.3.6
*) SECURITY: CVE-2010-3872 (cve.mitre.org)
Fix possible stack buffer overwrite. Diagnosed by the reporter.
P R 49406. [Edgar Frank <ef-lists email.de>]
*) Change the default for FcgidMaxRequestLen from 1GB to 128K.
Administrators should change this to an appropriate value based on
site requirements. [Jeff Trawick]
*) Allow FastCGI apps more time to exit at shutdown before being
forcefully killed. [Jeff Trawick]
*) Correct a problem that resulted in FcgidMaxProcesses being ignored
in some situations. P R 48981. [<rkosolapov gmail.com>]
*) Fix the search for processes with the proper vhost config when
ServerName isn't set in every vhost or a module updates
r->server->server_hostname dynamically (e.g., mod_vhost_cdb)
or a module updates r->server dynamically (e.g., mod_vhost_ldap).
[Jeff Trawick]
*) FcgidPassHeader now maps header names to environment variable names
in the usual manner: The header name is converted to upper case and
is prefixed with HTTP_. An additional environment variable is
created with the legacy name. P R 48964. [Jeff Trawick]
*) Allow processes to be reused within multiple phases of a request
by releasing them into the free list as soon as possible.
[Chris Darroch]
*) Fix lookup of process command lines when using FcgidWrapper or
access control directives, including within .htaccess files.
[Chris Darroch]
*) Resolve a regression in 2.3.5 with httpd 2.0.x on some Unix platforms;
ownership of mutex files was incorrect, resulting in a startup failure.
P R 48651. [Jeff Trawick, <pservit gmail.com>]
*) Return 500 instead of segfaulting when the application returns no output.
[Tatsuki Sugiura <sugi nemui.org>, Jeff Trawick]
*) In FCGI_AUTHORIZER role, avoid spawning a new process for every
different HTTP request. [Chris Darroch]
|
||
|---|---|---|
| .. | ||
| patches | ||
| DESCR | ||
| distinfo | ||
| Makefile | ||
| MESSAGE | ||
| PLIST | ||