doc: clarify v5.1.1 notable items #4156

Closed

rvagg commented Dec 4, 2015

  • Include reference to CVE-2015-8027
  • Fix "socket may no longer have a socket" reference
  • Expand on non-existent parser causing the error
  • Soften language for CVE-2015-3193 as impact may not be as great as
    expected, also trim to match v4.2.3 language
  • Clarify that CVE-2015-3194 affects TLS servers using client
    certificate authentication
  • Include reference to CVE-2015-6764

JungMinu added the doc label Dec 4, 2015
@@ -4,12 +4,12 @@

### Notable changes

* **http**: Fix a bug where an HTTP socket may no longer have a socket but a pipelined request triggers a pause or resume, a potential denial-of-service vector. (Fedor Indutny)
* **http**: Fix CVE-2015-8027, a bug whereby an HTTP socket may no longer have a parser associated with it but a pipelined request attempts trigger a pause or resume on the non-existent parser, a potential denial-of-service vulnerability. (Fedor Indutny)
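
Review bot: In the added **http** entry, "a pipelined request attempts trigger a pause or resume" is missing "to" and should read "attempts to trigger". The entry is also one long sentence chaining three clauses; moving "a potential denial-of-service vulnerability" into its own short sentence would make the impact easier to scan. The hunk header covers 12 lines but only this entry is visible here, so the CVE-2015-3193, CVE-2015-3194 and CVE-2015-6764 wording listed in the description cannot be checked against this excerpt.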

I speculate that "attempts trigger" -> "attempts to trigger"
(sorry if I'm wrong)


JungMinu commented Dec 4, 2015

LGTM with one small comment :)


cjihrig commented Dec 4, 2015

LGTM

jasnell commented Dec 4, 2015

LGTM

rvagg added a commit that referenced this pull request Dec 5, 2015
* Include reference to CVE-2015-8027
* Fix "socket may no longer have a socket" reference
* Expand on non-existent parser causing the error
* Soften language for CVE-2015-3193 as impact may not be as great as
  expected, also trim to match v4.2.3 language
* Clarify that CVE-2015-3194 affects TLS servers using _client
  certificate authentication_
* Include reference to CVE-2015-6764

PR-URL: #4156
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
rvagg closed this Dec 5, 2015
rvagg deleted the v5.1.1-release-notes-update branch December 5, 2015 04:30

rvagg commented Dec 5, 2015

thanks, fixed and landed @ 6c16c40
