-
Committer:
Package Import Robot
-
Author(s):
Markus Koschany
-
Date:
2015-05-23 23:33:30 UTC
-
Revision ID:
package-import@ubuntu.com-20150523233330-x6l90n6cdl6o62z6
Tags: 1:1.2.37-1+deb7u1
* Team upload.
* Add CVE-2014-8111.patch. (Closes: #783233)
It was discovered that a JkUnmount rule for a subtree of a previous JkMount
rule could be ignored. This could allow a remote attacker to potentially
access a private artifact in a tree that would otherwise not be accessible
to them.
- Add option to control handling of multiple adjacent slashes in mount and
unmount. New default is collapsing the slashes only in unmount. Before
this change, adjacent slashes were never collapsed, so most mounts and
unmounts didn't match for URLs with multiple adjacent slashes.
- Configuration is done via new JkOption for Apache (values
"CollapseSlashesAll", "CollapseSlashesNone" or "CollapseSlashesUnmount").