Log Message: |
Merge r1610501 from trunk:
*) SECURITY: CVE-2014-0118 (cve.mitre.org)
mod_deflate: The DEFLATE input filter (inflates request bodies) now
limits the length and compression ratio of inflated request bodies to avoid
denial of sevice via highly compressed bodies. See directives
DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
and DeflateInflateRatioBurst.
Thanks to Giancarlo Pellegrino and Davide Balzarotti for reporting the issue.
Submitted By: ylavic, covener
Reviewed By: jorton, covener, jim
Submitted by: covener
Reviewed/backported by: jim
|