Permalink
Browse files

""

git-svn-id: https://erlyaws.svn.sourceforge.net/svnroot/erlyaws/trunk/yaws@900 9fbdc01b-0d2c-0410-bfb7-fb27d70d8b52
  • Loading branch information...
1 parent 811877e commit 651369d722c5cfa8b2ef11e033dde81587b6a9aa @klacke committed Jun 17, 2005
Showing with 7 additions and 7 deletions.
  1. +3 −3 www/dynamic.yaws
  2. +2 −2 www/index.yaws
  3. +2 −2 www/news
View
6 www/dynamic.yaws
@@ -23,10 +23,10 @@ out(A) ->
{h1, [],"Generating Dynamic Content"},
{p,[], ["Yaws has very nice support for generating dynamic content on the fly. "
"We use embedded erlang code to generate the content. The Erlang code "
- "is separated from the HTML code by ",
- {tt, [], "<erl>"},
+ "is separated from the HTML code by ",
+ {tt, [], "&lt;erl&gt;"},
" and ",
- {tt, [], "</erl>"},
+ {tt, [], "\&lt;/erl&gt;"},
" markers. For example: "]},
box("
View
4 www/index.yaws
@@ -8,8 +8,8 @@ out(A) ->
[{h1,[],"Yaws"},
- {p,[],"Yaws is a HTTP high perfomance 1.1 webserver."
- "Two separate modes of operations are supported."},
+ {p,[],"Yaws is a HTTP high perfomance 1.1 webserver particularly"
+ " well suited for dynamic-content webapplications. Two separate modes of operations are supported."},
{ul,[],
[{li,[],
{p,[],"Standalone mode where Yaws runs as a regular webserver "
View
4 www/news
@@ -1,6 +1,6 @@
-Thu Jun 16 13:42:50 CEST 2005, Security update release.
+Thu Jun 16 13:42:50 CEST 2005, Version 1.56, Security update release.
A bug was found by Daniel Fabian, SEC-Consult Unternehmensberatung GmbH whereby: If a null byte is appended to the filename of a yaws script (.yaws), the yaws webserver returns a page containing the source code of the according script. This flaw allows a malicious attacker to analyse the source code of the entire web application, which might result in the attacker gaining sensitiv information like passwords. All versions of yaws older than 1.56 are vulnerable.
-For users running old yaws web servers, the following <a href="yaws-1.55_to_1.56.patch"> patch </a> can be applied. The is small and can easily be backported to older yaws releases.
+For users running old yaws web servers, the following <a href="yaws-1.55_to_1.56.patch"> patch </a> can be applied. The patch is small and can easily be backported to older yaws releases.
Fri Jun 10 16:09:58 CEST 2005, Version 1.55 released. Feature release.
Concept of redirect maps added. See documentation in yaws.conf man page. This makes it possible to redir entire parts of the docroot to another site (jb)

0 comments on commit 651369d

Please sign in to comment.