ID: 25
Name: AWS_and_Email_Updates_742
Version: 2.03
Dependences: none
Description: Version 1.0@@@Added authentication failure string and made MCGetSmtpAuthentication call for supported authentication.@@@Added code to ensure that files are closed successfully before clearing the file handle. (case 30048)@@@Version 1.1@@@Fixed error in process that would cause a POST request to be rejected if Content-Length was 0.(Case 31003)@@@Version 1.2@@@Corrected return values when calling ipaddrcmp and sysaccess_handle.@@@Made RpHandleUserExit call in RpFindUrl instead of calling RpExiternalCgi and RpHandleCgiResponse to make sure the connection state gets updated. (case 32258)@@@Version 1.3@@@Changed NAFS_ZERO_OFFSET_ERASE to NAFS_RANDOM_WRITE to correct a problem when using NAND flash. (case 32376)@@@Version 1.4@@@Set and save DHCP to TRUE when DHCP is selected and set and save DHCP to FALSE when static is selected. (case 32436)@@@Version 1.5@@@Fixed the problem where SMTP authentication fails on CRAM MD5 if the password contains the number 6 or a backward slash. (case  33111)@@@Version 1.6@@@Cross-site scripting is a methodology where a hacker piggy-backs malicious javascript or other language code in a web request or web page and induces a web server to run that code. This vulnerability has been remedied.  Now return bad-request if item is not found on the form.  (case 33871)@@@Version 1.7@@@Added fOtherMimeType in rpCgiPtr structure for customized content-type. (case 33984)@@@Version 1.8@@@Updated web server to return must-revalidate on cache-control header for Conten-Disposition attachment.(case 34406)@@@Removed itemValue for invalid form entries to prevent cross-site scripting. (case 34389)@@@Version 1.9@@@Resolved an issue that prevented the AWS from sending a page when a socket with an FD of 0 was used. (Case 35169)@@@Version 2.0@@@Fixed RpWriteIpAddressInDotForm() to use IPv6 for IPv6 family (IPv4 was always used) Also corrected size when copying local address in StcpActiveConnectionStatus().  (Case 35889)@@@Version 2.1@@@Skip multipart/form-data item for empty data content. (Case 36298)@@@Version 2.2@@@Updated naCgiCheckAccess to execute callback from naSysAccessSetAuthHanlder. (Case 36553)@@@Version 2.3@@@This release contains security updates that remediate CVE-2014-9222 and CVE-2014-9223.  (NETOS-205)
Minidescription: Advanced Web Server and Email updates for NET+OS 7.4.2
platformversion: 7.4
Revision: 2
platform: netos
Relevance: NORMAL
Filename: AWS_and_Email_Updates_742_25.dipk
Date: 08/05/2017
Type: fix
Target: environment
neededfiles: none
rootfs: none
Size: 31858kb
Installedsize: 44820kb
Checksum: c29abed430df46f7fc978641ec5547f2
