You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by co...@apache.org on 2009/05/12 15:23:01 UTC

svn commit: r773882 - /httpd/httpd/branches/2.2.x/CHANGES

Author: covener
Date: Tue May 12 13:23:01 2009
New Revision: 773882

URL: http://svn.apache.org/viewvc?rev=773882&view=rev
Log:
move SECURITY to top

Modified:
    httpd/httpd/branches/2.2.x/CHANGES

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=773882&r1=773881&r2=773882&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Tue May 12 13:23:01 2009
@@ -1,6 +1,12 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.12
 
+  *) SECURITY: CVE-2009-1195 (cve.mitre.org)
+     Prevent the "Includes" Option from being enabled in an .htaccess 
+     file if the AllowOverride restrictions do not permit it.
+     [Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>, Joe Orton,
+      Ruediger Pluem]
+
   *) SECURITY: CVE-2009-1191 (cve.mitre.org)
      mod_proxy_ajp: Avoid delivering content from a previous request which
      failed to send a request body. PR 46949 [Ruediger Pluem]
@@ -15,12 +21,6 @@
   *) mod_rewrite: When evaluating a proxy rule in directory context, do
      escape the filename by default. PR 46428 [Joe Orton]
 
-  *) SECURITY: CVE-2009-1195 (cve.mitre.org)
-     Prevent the "Includes" Option from being enabled in an .htaccess 
-     file if the AllowOverride restrictions do not permit it.
-     [Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>, Joe Orton,
-      Ruediger Pluem]
-
   *) mod_proxy_ajp: Check more strictly that the backend follows the AJP
      protocol. [Mladen Turk]