aboutsummaryrefslogtreecommitdiff
path: root/CHANGES
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2003-08-03 21:33:25 +0000
committerDaniel Stenberg <daniel@haxx.se>2003-08-03 21:33:25 +0000
commit296046510bc213090ea9e69a7314abb79f4d792e (patch)
tree25e49e6e2f3e0fb5970a40d816edec661162e734 /CHANGES
parentdb9f87f697c86cdeca4e6da9f8baabb8246b2d0e (diff)
serios info leakage!
Diffstat (limited to 'CHANGES')
-rw-r--r--CHANGES8
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 138d7c4bb..94a5318a1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,14 @@
Changelog
+Daniel (3 August)
+- When proxy authentication is used in a CONNECT request (as used for all SSL
+ connects and otherwise enforced tunnel-thru-proxy requests), the same
+ authentication header is also wrongly sent to the remote host.
+
+ This is a rather significant info leak. I've fixed it now and mailed a patch
+ and warning to the mailing lists.
+
Daniel (1 August)
- David Byron provided a patch to make 7.10.6 build correctly with the
compressed hugehelp.c source file.