Done, version 0.10.3 available on the VS17 download page.
Cheers, Steffen
On Thursday 09/03/2023 at 16:34, Jesús González wrote:
Hola!
We just released a mod_wasm security update (v0.10.3) to address two
recently disclosed CVEs (one critical) of Wasmtime, the WebAssembly
runtime
Great! Thanks Steffen.
On 3/10/23 16:33, Eric Covener wrote:
Saw another report on users@
Any thoughts on something like this to just allow spaces?
http://people.apache.org/~covener/patches/rewrite-lax.diff
That makes sense, any other possible char that we should allow other than
spaces?
Giovanni
(this is
On Fri, 10 Mar 2023, Eric Covener wrote:
Saw another report on users@
Any thoughts on something like this to just allow spaces?
http://people.apache.org/~covener/patches/rewrite-lax.diff
(this is off my $bigco fork so may not actually apply)
On Thu, Mar 9, 2023 at 3:08 PM BUSH Steve wrote:
On Mar 10, 2023, at 8:56 AM, Yann Ylavic wrote:
> On Fri, Mar 10, 2023 at 4:34 PM Eric Covener wrote:
>>
>> Saw another report on users@
>>
>> Any thoughts on something like this to just allow spaces?
>> http://people.apache.org/~covener/patches/rewrite-lax.diff
>
> What about:
>
> Index:
On Fri, Mar 10, 2023 at 11:57 AM Yann Ylavic wrote:
>
> On Fri, Mar 10, 2023 at 4:34 PM Eric Covener wrote:
> >
> > Saw another report on users@
> >
> > Any thoughts on something like this to just allow spaces?
> > http://people.apache.org/~covener/patches/rewrite-lax.diff
>
> What about:
>
>
Saw another report on users@
Any thoughts on something like this to just allow spaces?
http://people.apache.org/~covener/patches/rewrite-lax.diff
(this is off my $bigco fork so may not actually apply)
On Thu, Mar 9, 2023 at 3:08 PM BUSH Steve wrote:
>
> >> Maybe we can slip an additional entry
On Fri, Mar 10, 2023 at 4:34 PM Eric Covener wrote:
>
> Saw another report on users@
>
> Any thoughts on something like this to just allow spaces?
> http://people.apache.org/~covener/patches/rewrite-lax.diff
What about:
Index: modules/mappers/mod_rewrite.c
> Allowing a space to be sent within the proxied request target is not an
> option,
> regardless of how the user has configured the server. The CVE fix was just to
> prevent an invalid target sent from us.
This context in mod_rewrite is not specific to proxying. The CVE is
addressed in a similar