Skip to content
This repository has been archived by the owner on Jan 28, 2020. It is now read-only.

Commit

Permalink
Add NEWS file for version 0.12.0.
Browse files Browse the repository at this point in the history
  • Loading branch information
@olavmo-sikt
olavmo-sikt committed Mar 9, 2016
1 parent 2089903 commit 338c9ff
Showing 1 changed file with 21 additions and 0 deletions.
21 changes: 21 additions & 0 deletions NEWS
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,24 @@
Version 0.12.0
---------------------------------------------------------------------------

Security fixes:

* [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
incorrect error handling when reading POST data from client.

* [CVE-2016-2146] Fix DOS attack (Apache worker process crash /
resource exhaustion) due to missing size checks when reading
POST data.

In addition this release contains the following new features and fixes:

* Add MellonRedirecDomains option to limit the sites that
mod_auth_mellon can redirect to. This option is enabled by default.

* Add support for ECP service options in PAOS requests.

* Fix AssertionConsumerService lookup for PAOS requests.

Version 0.11.0
---------------------------------------------------------------------------

Expand Down

0 comments on commit 338c9ff

Please sign in to comment.