You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by rp...@apache.org on 2006/07/21 00:04:13 UTC

svn commit: r424084 - /httpd/httpd/trunk/CHANGES

Author: rpluem
Date: Thu Jul 20 15:04:13 2006
New Revision: 424084

URL: http://svn.apache.org/viewvc?rev=424084&view=rev
Log:
* Remove the word SECURITY to address Joe's and Bill's concern that this would
  imply that FollowSymLinks and SymLinksIfOwnerMatch are security features.

Modified:
    httpd/httpd/trunk/CHANGES

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=424084&r1=424083&r2=424084&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Thu Jul 20 15:04:13 2006
@@ -2,8 +2,7 @@
 Changes with Apache 2.3.0
   [Remove entries to the current 2.0 and 2.2 section below, when backported]
 
-  *) SECURITY:
-     core: Do not allow internal redirects like the DirectoryIndex of mod_dir
+  *) core: Do not allow internal redirects like the DirectoryIndex of mod_dir
      to circumvent the symbolic link checks imposed by FollowSymLinks and
      SymLinksIfOwnerMatch. [Nick Kew, Ruediger Pluem, William Rowe]