[interchange-cvs] interchange - kwalsh modified WHATSNEW-5.5
interchange-cvs at icdevgroup.org
interchange-cvs at icdevgroup.org
Tue Feb 5 22:30:06 EST 2008
User: kwalsh
Date: 2008-02-06 03:30:06 GMT
Modified: . WHATSNEW-5.5
Log:
* New SessionReadTimeout global configuration directive.
* Standard demo security bug fix.
Revision Changes Path
1.86 +14 -0 interchange/WHATSNEW-5.5
rev 1.86, prev_rev 1.85
Index: WHATSNEW-5.5
===================================================================
RCS file: /var/cvs/interchange/WHATSNEW-5.5,v
retrieving revision 1.85
retrieving revision 1.86
diff -u -r1.85 -r1.86
--- WHATSNEW-5.5 9 Jan 2008 09:51:05 -0000 1.85
+++ WHATSNEW-5.5 6 Feb 2008 03:30:05 -0000 1.86
@@ -12,6 +12,12 @@
Core
----
+* New SocketReadTimeout global configuration parameter that controls
+ the amount of time (in seconds) that Interchange will wait for incoming
+ request data to arrive on an open socket. This was previously hard-coded
+ to one second, but that value was found to be too slow for some dial-up
+ Internet users.
+
* Fix to the "random" parameter used by looping tags.
-- If set to "no" or "false" or "0" then return all of the results
@@ -103,6 +109,14 @@
* Force email notification of errors, can be prevented with ignore_errors
setting.
+
+Standard demo
+-------------
+
+* Fixed a security bug where an attacker could craft a URI that tricks
+ Interchange into executing arbitrary Perl code. The Perl code would be
+ subject to the Safe constraints of course, but could still be devistating
+ to the security of the target website.
UI
--
More information about the interchange-cvs
mailing list