Permalink
Browse files

prepare for 1.94

  • Loading branch information...
1 parent a8d2b52 commit afdddabb642f13d1bac68ef2ef9efe61083bbaf9 @klacke committed Jun 24, 2012
Showing with 6 additions and 1 deletion.
  1. +1 −1 vsn.mk
  2. +5 −0 www/news
View
2 vsn.mk
@@ -1 +1 @@
-YAWS_VSN=1.93
+YAWS_VSN=1.94
View
@@ -1,3 +1,8 @@
+Sun Jun 24 23:47:57 CEST 2012
+Bugfix release for bugs that sneaked into 1.93
+The random patch for 1.93 wasn't good enough as discovered by Sergei Golovan, we need to cater for non printable chars (Sergei Golovan)
+add reverse proxy intercept module capability (Steve)
+
Wed Jun 20 20:22:11 CEST 2012 Yaws 1.93
Security release
Use crypto:rand_bytes() instead of the cryptographically weak random module. Swedish security consultant and cryptographer Kalle Zetterlund discovered a way to - given a sequence of cookies produced by yaws_session_server - predict the next session id. Thus providing a gaping security hole into yaws servers that use the yaws_session_server to maintain cookie based HTTP sessions (klacke/kallez)

0 comments on commit afdddab

Please sign in to comment.