Author: markt Revision: 1377807 Modified property: svn:log Modified: svn:log at Mon Nov 5 23:04:39 2012 ------------------------------------------------------------------------------ --- svn:log (original) +++ svn:log Mon Nov 5 23:04:39 2012 @@ -2,3 +2,5 @@ Digest improvements: - disable caching of authenticated user in session by default - track server rather than client nonces - better handling of stale nonce values + +This fixed CVE-2012-3439 Apache Tomcat DIGEST authentication weaknesses
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
