Changeset 510764a in mod_gnutls for CHANGELOG


Ignore:
Timestamp:
Jan 23, 2019, 12:44:51 PM (21 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
debian/master, master, proxy-ticket
Children:
143bd98, ea9c699
Parents:
8adfa57
Message:

Release version 0.9.0

File:
1 edited

Legend:

Unmodified
Added
Removed

  • CHANGELOG

    r8adfa57 r510764a  
    1 ** Version 0.9.0 UNRELEASED
     1** Version 0.9.0 (2019-01-23)
    22- Security fix: Refuse to send or receive any data over a failed TLS
    3   connection (commit 72b669eae8c45dda1850e8e5b30a97c918357b51). This
    4   could lead to requests on reverse proxy TLS connections being sent
    5   in plain text, and might allow faking requests in plain text.
     3  connection (commit 72b669eae8c45dda1850e8e5b30a97c918357b51). The
     4  previous behavior could lead to requests on reverse proxy TLS
     5  connections being sent in plain text, and might have allowed faking
     6  requests in plain text.
    67- Security fix: Reject HTTP requests if they try to access virtual
    78  hosts that do not match their TLS connections (commit
    89  de3fad3c12f53cdbf082ad675e4b10f521a02811). Additionally check if SNI
    9   and Host header match.
     10  and Host header match. Thanks to Krista Karppinen for contributing
     11  tests!
    1012- OCSP stapling is now enabled by default, if possible. OCSP responses
    1113  are updated regularly and stored in a cache separate from the
Note: See TracChangeset for help on using the changeset viewer.