You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2009/05/12 15:23:01 UTC
svn commit: r773882 - /httpd/httpd/branches/2.2.x/CHANGES
Author: covener
Date: Tue May 12 13:23:01 2009
New Revision: 773882
URL: http://svn.apache.org/viewvc?rev=773882&view=rev
Log:
move SECURITY to top
Modified:
httpd/httpd/branches/2.2.x/CHANGES
Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=773882&r1=773881&r2=773882&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Tue May 12 13:23:01 2009
@@ -1,6 +1,12 @@
-*- coding: utf-8 -*-
Changes with Apache 2.2.12
+ *) SECURITY: CVE-2009-1195 (cve.mitre.org)
+ Prevent the "Includes" Option from being enabled in an .htaccess
+ file if the AllowOverride restrictions do not permit it.
+ [Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>, Joe Orton,
+ Ruediger Pluem]
+
*) SECURITY: CVE-2009-1191 (cve.mitre.org)
mod_proxy_ajp: Avoid delivering content from a previous request which
failed to send a request body. PR 46949 [Ruediger Pluem]
@@ -15,12 +21,6 @@
*) mod_rewrite: When evaluating a proxy rule in directory context, do
escape the filename by default. PR 46428 [Joe Orton]
- *) SECURITY: CVE-2009-1195 (cve.mitre.org)
- Prevent the "Includes" Option from being enabled in an .htaccess
- file if the AllowOverride restrictions do not permit it.
- [Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>, Joe Orton,
- Ruediger Pluem]
-
*) mod_proxy_ajp: Check more strictly that the backend follows the AJP
protocol. [Mladen Turk]