| Age | Commit message (Collapse) | Author |
|---|
|
Add a verbosity printout for results of the requests sent to it).
Also fixed handling sent_trap and appup.
OTP-9700
|
|
OTP-9700
|
|
It has long been broken, but this fact was hidden by the
faulty expect functions.
OTP-9700
|
|
As a means to prevent DoS, maximum number of varbinds
in a Get-BULK response has been limited.
Also, made some changes to the worker process "API".
OTP-9700.
|
|
This bug will in turn will trigger some other bugs
(in the agent), these will be dealt with later.
OTP-9700
|
|
OTP-9700
|
|
* bmk/inets/inets536_integration:
[httpd] GET request with malformed header date caused server crash (non-fatal) with no reply to client. Will now result in a reply with status code 400. OTP-9674
Added versions 5.2, 5.1.3 and 5.1.2 again. OTP-9655
Uncommented ipv6 test cases. OTP-9655
Fixed HTML encode. First *try* to hex decode uri, and then do the actual html encode. OTP-9655
Skip catching hex decode failure. OTP-9655
Fixed hex-decoding. OTP-9655
Problems with proxy test cases. OTP-9655
Added release notes, appup and correct version. OTP-9655
The XSS prevention methods used was confused if the URL was encoded (hex-encoded). OTP-9655
|
|
server crash (non-fatal) with no reply to client. Will
now result in a reply with status code 400.
OTP-9674
Merge branch 'bmk/inets/httpd/xss_with_bad_header_date/OTP-9674' into bmk/inets/inets536_integration
Conflicts:
lib/inets/doc/src/notes.xml
lib/inets/src/inets_app/inets.appup.src
lib/inets/test/httpd_test_lib.erl
lib/inets/vsn.mk
|
|
OTP-9655
Merge branch 'bmk/inets/httpd/xss_when_erl_encoded/r13/OTP-9655' into bmk/inets/inets536_integration
|
|
server crash (non-fatal) with no reply to client. Will
now result in a reply with status code 400.
OTP-9674
|
|
OTP-9655
|
|
OTP-9655
|
|
do the actual html encode.
OTP-9655
|
|
OTP-9655
|
|
OTP-9655
|
|
OTP-9655
|
|
OTP-9655
|
|
bmk/inets/httpd/xss_when_erl_encoded/OTP-9655
|
|
URL was encoded (hex-encoded).
OTP-9655
|
|
|
|
* raimo/sctp-getsetopts/OTP-9544:
erts,kernel: Bugfix - read SCTP socket options from right protocol layer
erts: Fix bug SCTP send can only be called from controlling process
|
|
Socket options 'sndbuf', 'recbuf' and 'linger were read from
the SCTP protocol layer instead of from the socket protocol layer.
Conflicts:
lib/kernel/test/gen_sctp_SUITE.erl
|
|
Conflicts:
lib/kernel/test/gen_sctp_SUITE.erl
|
|
maint-r13
* bmk/inets/httpd/cross_site_scripting_attacks/OTP-9535:
Updated http-server to make sure URLs in error-messages are URL-encoded. Added support in http-client to use URL-encoding. Also added the missing include directory for the inets application.
|
|
are URL-encoded. Added support in http-client to use
URL-encoding. Also added the missing include directory
for the inets application.
OTP-8940
[httpd] Prevent XSS in error pages.
Prevent user controlled input from being interpreted
as HTML in error pages by encoding the reserved HTML
characters.
Michael Santos
OTP-9124
|
|
maint-r13
* bmk/snmp/manager/override_community_for_req/OTP-9236:
Added (intial) override community stuff.
Udated documentation (and version).
|
|
|
|
|
|
* nick/orber/old_ssl_option/OTP-8994:
The SSL option {ssl_imp, old} was not used if ssl_generation was set to 2. Only R14B was affected by this.
Conflicts:
lib/orber/doc/src/notes.xml
lib/orber/vsn.mk
|
|
* nick/orber/recursive_types/OTP-8868:
Support for recursive unions and structs. Break loop if recursive TypeCode.
Added basic tests for recursive uinions and structs.
Removed test code.
Added partial support for recursive IDL types.
|
|
|
|
|
|
Only R14B was affected by this.
|
|
|
|
* nick/cosNotification/deprecated_regexp/OTP-8846:
Fiex TR tag.
Uppdatet year in header.
Added missing bracket.
Switched from using the deprecated regexp to re instead.
|
|
* nick/orber/corbaloc_http/OTP-8900:
Incorrect TR tag.
A corbaloc http string could return an EXIT message, instead of a system exception, if the HTTP server closed the socket without returning a complete message. I.e. header and a body containing a stringified IOR.
|
|
|
|
|
|
|
|
* nick/ssh/missing_catch/OTP-8908:
The fix regarding OTP-8863 was not included in the previous version as stated
|
|
|
|
|
|
* nick/ssh/fix-process-leak/OTP-8807:
Fix race condition when terminating a connection.
fix process leak in ssh_system_sup (dynamicaly created childs where not cleaned up)
|
|
* nick/ssh/crash_report/OTP-8881:
In some cases a crash report was generated when a connection was closing down. This was caused by a race condition between two processes.
|
|
|
|
exception, if the HTTP server closed the socket without returning a complete
message. I.e. header and a body containing a stringified IOR.
|
|
|
|
This was caused by a race condition between two processes.
|
|
|
|
* kenneth/asn1/enc_extaddgrp/OTP-8866:
Add additional test to cover this correction
correct the encoding of ExtensionAdditionGroup
temp
Add support for ExtensionAdditionGroup notation in nested types as well
|
