FYI, I made some minor changes to the post-release description
on httpd-site and within 2.4.x/CHANGES for CVE-2023-2569
The form we use for editing the CVE json info has a
feature for autolinking anything that looks like a
URL reference. Unfortunately, it's buggy and cannot be
turned off. When the form was updated yesterday, the
autolinks came back. This causes every example URL to
be repeated in the text as a link, which of course
makes them an invalid example.
I have fixed the JSON on httpd-site, rebuilding
https://httpd.apache.org/security/vulnerabilities_24.html
and committed a fix in CHANGES. I have not sent an update for
the official CVE database, since I have no idea what that would break.
No worries, but some users might complain about the weird examples.
Cheers, and thanks for the release,
....Roy
on httpd-site and within 2.4.x/CHANGES for CVE-2023-2569
The form we use for editing the CVE json info has a
feature for autolinking anything that looks like a
URL reference. Unfortunately, it's buggy and cannot be
turned off. When the form was updated yesterday, the
autolinks came back. This causes every example URL to
be repeated in the text as a link, which of course
makes them an invalid example.
I have fixed the JSON on httpd-site, rebuilding
https://httpd.apache.org/security/vulnerabilities_24.html
and committed a fix in CHANGES. I have not sent an update for
the official CVE database, since I have no idea what that would break.
No worries, but some users might complain about the weird examples.
Cheers, and thanks for the release,
....Roy