DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22030>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22030 SECURITY: 4097+ bytes of stderr from cgi script causes script to hang ------- Additional Comments From [EMAIL PROTECTED] 2003-09-30 16:37 ------- There is no fix in CVS for this problem. There is no stable mod_cgi[d] that handles 4097+ bytes from stderr mixed in with stdout processing. I don't recommend using any of the code in http://www.apache.org/~trawick/ in a production environment. I just uploaded jcgi.tar to www.apache.org/~trawick/. Module was renamed to mod_jcgi so that hopefully it doesn't get confused with real code from CVS. This has fewer big picture problems than the mod_cgi.c hacks I had before, and of course anyone is free to play with it and comment. See included STATUS file for some notes. For production users: if your CGI spews gobs of stuff to stderr, change the CGI for now. For folks debugging CGIs and want to have them temporarily spew gobs of stuff to stderr, play with the hacked up version mentioned here and send me testcases for stuff that doesn't work. As always, anybody should feel free to make alternate changes to the real mod_cgi[d] and submit patches to [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
