Defend against CGI requests with multiple values for the same parameter.

author: Mark Sapiro <mark@msapiro.net> 2017-06-05 20:48:34 -0700
committer: Mark Sapiro <mark@msapiro.net> 2017-06-05 20:48:34 -0700
commit: 0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12 (patch)
tree: f7743c3b5fc245e214bc94da3266bd16f9d664e2 /NEWS
parent: 845dc52970be426af2a766be4609a8bef2bd1c05 (diff)
download: mailman2-0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12.tar.gz
mailman2-0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12.tar.xz
mailman2-0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 8ac616bb..9b6d4753 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,10 @@ Here is a history of user visible changes to Mailman.
 
   Bug fixes and other patches
 
+    - Defended against certain web attacks that cause exceptions and "we hit
+      a bug" responses when POST data or query fragments contain multiple
+      values for the same parameter.  (LP: #1695667)
+
     - The fix for LP: #1614841 caused a regression in the options CGI.  This
       has been fixed.  (LP: #1602608)
author	Mark Sapiro <mark@msapiro.net>	2017-06-05 20:48:34 -0700
committer	Mark Sapiro <mark@msapiro.net>	2017-06-05 20:48:34 -0700
commit	0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12 (patch)
tree	f7743c3b5fc245e214bc94da3266bd16f9d664e2 /NEWS
parent	845dc52970be426af2a766be4609a8bef2bd1c05 (diff)
download	mailman2-0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12.tar.gz mailman2-0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12.tar.xz mailman2-0d11dc90ee6fc9cc61d32ca3ea6819ca95ac1c12.zip