Age | Commit message | Author |
|
* bmk/inets/inets536_integration:
[httpd] GET request with malformed header date caused server crash (non-fatal) with no reply to client. Will now result in a reply with status code 400. OTP-9674
Added versions 5.2, 5.1.3 and 5.1.2 again. OTP-9655
Uncommented ipv6 test cases. OTP-9655
Fixed HTML encode. First *try* to hex decode uri, and then do the actual html encode. OTP-9655
Skip catching hex decode failure. OTP-9655
Fixed hex-decoding. OTP-9655
Problems with proxy test cases. OTP-9655
Added release notes, appup and correct version. OTP-9655
The XSS prevention methods used were confused if the URL was encoded (hex-encoded). OTP-9655
|
|
server crash (non-fatal) with no reply to client. Will
now result in a reply with status code 400.
OTP-9674
Merge branch 'bmk/inets/httpd/xss_with_bad_header_date/OTP-9674' into bmk/inets/inets536_integration
Conflicts:
lib/inets/doc/src/notes.xml
lib/inets/src/inets_app/inets.appup.src
lib/inets/test/httpd_test_lib.erl
lib/inets/vsn.mk
|
|
OTP-9655
Merge branch 'bmk/inets/httpd/xss_when_erl_encoded/r13/OTP-9655' into bmk/inets/inets536_integration
|
|
server crash (non-fatal) with no reply to client. Will
now result in a reply with status code 400.
OTP-9674
|
|
OTP-9655
|
|
OTP-9655
|
|
do the actual html encode.
OTP-9655
|
|
OTP-9655
|
|
OTP-9655
|
|
OTP-9655
|
|
OTP-9655
|
|
bmk/inets/httpd/xss_when_erl_encoded/OTP-9655
|
|
URL was encoded (hex-encoded).
OTP-9655
|
|
|
|
* raimo/sctp-getsetopts/OTP-9544:
erts,kernel: Bugfix - read SCTP socket options from right protocol layer
erts: Fix bug SCTP send can only be called from controlling process
|
|
Socket options 'sndbuf', 'recbuf' and 'linger' were read from
the SCTP protocol layer instead of from the socket protocol layer.
Conflicts:
lib/kernel/test/gen_sctp_SUITE.erl
|
|
Conflicts:
lib/kernel/test/gen_sctp_SUITE.erl
|
|
maint-r13
* bmk/inets/httpd/cross_site_scripting_attacks/OTP-9535:
Updated http-server to make sure URLs in error-messages are URL-encoded. Added support in http-client to use URL-encoding. Also added the missing include directory for the inets application.
|
|
are URL-encoded. Added support in http-client to use
URL-encoding. Also added the missing include directory
for the inets application.
OTP-8940
[httpd] Prevent XSS in error pages.
Prevent user controlled input from being interpreted
as HTML in error pages by encoding the reserved HTML
characters.
Michael Santos
OTP-9124
|
|
maint-r13
* bmk/snmp/manager/override_community_for_req/OTP-9236:
Added (initial) override community stuff.
Updated documentation (and version).
|
|
|
|
|
|
* nick/orber/old_ssl_option/OTP-8994:
The SSL option {ssl_imp, old} was not used if ssl_generation was set to 2. Only R14B was affected by this.
Conflicts:
lib/orber/doc/src/notes.xml
lib/orber/vsn.mk
|
|
* nick/orber/recursive_types/OTP-8868:
Support for recursive unions and structs. Break loop if recursive TypeCode.
Added basic tests for recursive unions and structs.
Removed test code.
Added partial support for recursive IDL types.
|
|
|
|
|
|
Only R14B was affected by this.
|
|
|
|
* nick/cosNotification/deprecated_regexp/OTP-8846:
Fix TR tag.
Updated year in header.
Added missing bracket.
Switched from using the deprecated regexp to re instead.
|
|
* nick/orber/corbaloc_http/OTP-8900:
Incorrect TR tag.
A corbaloc http string could return an EXIT message, instead of a system exception, if the HTTP server closed the socket without returning a complete message. I.e. header and a body containing a stringified IOR.
|
|
|
|
|
|
|
|
* nick/ssh/missing_catch/OTP-8908:
The fix regarding OTP-8863 was not included in the previous version as stated
|
|
|
|
|
|
* nick/ssh/fix-process-leak/OTP-8807:
Fix race condition when terminating a connection.
fix process leak in ssh_system_sup (dynamically created children were not cleaned up)
|
|
* nick/ssh/crash_report/OTP-8881:
In some cases a crash report was generated when a connection was closing down. This was caused by a race condition between two processes.
|
|
|
|
exception, if the HTTP server closed the socket without returning a complete
message. I.e. header and a body containing a stringified IOR.
|
|
|
|
This was caused by a race condition between two processes.
|
|
|
|
* kenneth/asn1/enc_extaddgrp/OTP-8866:
Add additional test to cover this correction
correct the encoding of ExtensionAdditionGroup
temp
Add support for ExtensionAdditionGroup notation in nested types as well
|
|
|
|
|
|
|
|
In the previous version support for ExtensionAdditionGroups (i.e. [[...]])
was added but it did not handle the occurrence of the notation in nested types.
Now this is handled as well and the support is hopefully complete.
Also cleanup of warnings for obsolete guard functions in test suites.
|
|
|
|
|