[mapserver-commits] r11938 - branches/branch-5-0/mapserver
svn at osgeo.org
svn at osgeo.org
Thu Jul 14 10:00:50 EDT 2011
Author: dmorissette
Date: 2011-07-14 07:00:50 -0700 (Thu, 14 Jul 2011)
New Revision: 11938
Modified:
branches/branch-5-0/mapserver/HISTORY.TXT
Log:
Fix typo and missing #3903 entry
Modified: branches/branch-5-0/mapserver/HISTORY.TXT
===================================================================
--- branches/branch-5-0/mapserver/HISTORY.TXT 2011-07-14 13:57:47 UTC (rev 11937)
+++ branches/branch-5-0/mapserver/HISTORY.TXT 2011-07-14 14:00:50 UTC (rev 11938)
@@ -13,7 +13,7 @@
Current Version (SVN branch, may never be released):
----------------------------------------------------
-IMPORTANT SECURITY FIXE:
+IMPORTANT SECURITY FIXES:
- Fixes to prevent SQL injections through OGC filter encoding (in WMS, WFS
and SOS), as well as a potential SQL injection in WMS time support.
@@ -21,6 +21,9 @@
enabled, with layers connecting to an SQL RDBMS backend, either
natively or via OGR (#3903)
+- Fixed potentially exploitable buffer overflows in OGC Filter Encoding
+ support (#3903)
+
- Disabled some insecure (and potentially exploitable) mapserv command-line
debug arguments (#3485). The --enable-cgi-cl-debug-args configure switch
can be used to re-enable them for devs who really cannot get away without
More information about the mapserver-commits
mailing list