diff options
Diffstat (limited to 'Misc')
| -rw-r--r-- | Misc/NEWS | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -34,6 +34,10 @@ Core and Builtins Library ------- +- Issue #27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the + HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates + that the script is in CGI mode. + - Issue #27130: In the "zlib" module, fix handling of large buffers (typically 4 GiB) when compressing and decompressing. Previously, inputs were limited to 4 GiB, and compression and decompression operations did not |