[Bug 241629] [maintainer-update] www/wt3 update 3.4.2
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Oct 31 22:50:26 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241629
Bug ID: 241629
Summary: [maintainer-update] www/wt3 update 3.4.2
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: ports-bugs at FreeBSD.org
Reporter: info at babaei.net
Created attachment 208749
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=208749&action=edit
www/wt3 v3.4.1 to v3.4.2 patch file
Release 3.4.2 (October 30, 2019)
This release fixes the following issues:
wthttp security issues:
Wt internally used an SSL-Client-Certificates header to send client
certificates to child processes when using dedicated process mode. It was
however always accepted even when Wt was not behind a reverse proxy, and sent
to child processes as-is. wthttp now correctly disregards it when not received
from a reverse proxy. The header was also renamed to
X-Wt-Ssl-Client-Certificates to clarify that it is a non-standard internal Wt
header.
When using dedicated session processes with wthttp, the parent process
would trust X-Forwarded-Proto and X-Forwarded-Port even when Wt was not
configured to be behind a reverse proxy. These are now discarded.
issue #7292: OAuthService now correctly uses refresh_token instead of
refreshToken
Http::Client fixes:
fixed issue #7272: support @ character in the path of a URL
fixed 204 No Content response code behavior (would hang before, waiting
for content) (issue #7273)
More informative error and exception messages:
QueryModel's "geometry inconsistent with database" exception now
contains row and cache start and size information
WebSession's "not serving this" info message contains more context so
it's less confusing
Documentation fix: The release notes for Wt 3.3.8 incorrectly referred to
allowed-hosts, while this property is actually named allowed-origins
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list