doc: clarify v5.1.1 notable items #4156

@rvagg rvagg commented Dec 4, 2015

  • Include reference to CVE-2015-8027
  • Fix "socket may no longer have a socket" reference
  • Expand on non-existent parser causing the error
  • Soften language for CVE-2015-3193 as impact may not be as great as
    expected, also trim to match v4.2.3 language
  • Clarify that CVE-2015-3194 affects TLS servers using client
    certificate authentication
  • Include reference to CVE-2015-6764

@JungMinu JungMinu added the doc Issues and PRs related to the documentations. label Dec 4, 2015
@@ -4,12 +4,12 @@

### Notable changes

* **http**: Fix a bug where an HTTP socket may no longer have a socket but a pipelined request triggers a pause or resume, a potential denial-of-service vector. (Fedor Indutny)
* **http**: Fix CVE-2015-8027, a bug whereby an HTTP socket may no longer have a parser associated with it but a pipelined request attempts trigger a pause or resume on the non-existent parser, a potential denial-of-service vulnerability. (Fedor Indutny)
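Review bot: The replacement **http** entry reads "a pipelined request attempts trigger a pause or resume", which is missing a "to"; it should be "attempts to trigger". The entry also carries the cause and the impact in one long sentence, so consider ending the first sentence after "on the non-existent parser" and stating "This is a potential denial-of-service vulnerability." separately, which keeps the CVE-2015-8027 description easy to scan in the changelog.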
I speculate that attempts trigger -> attempts to trigger
(sorry if I'm wrong)

JungMinu commented Dec 4, 2015

LGTM with one small comment :)

cjihrig commented Dec 4, 2015

LGTM

jasnell commented Dec 4, 2015

LGTM

rvagg added a commit that referenced this pull request Dec 5, 2015
* Include reference to CVE-2015-8027
* Fix "socket may no longer have a socket" reference
* Expand on non-existent parser causing the error
* Soften language for CVE-2015-3193 as impact may not be as great as
  expected, also trim to match v4.2.3 language
* Clarify that CVE-2015-3194 affects TLS servers using _client
  certificate authentication_
* Include reference to CVE-2015-6764

PR-URL: #4156
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
@rvagg rvagg closed this Dec 5, 2015
@rvagg rvagg deleted the v5.1.1-release-notes-update branch December 5, 2015 04:30
rvagg commented Dec 5, 2015

thanks, fixed and landed @ 6c16c40
