You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by co...@apache.org on 2020/05/05 11:44:59 UTC

svn commit: r1877394 - /httpd/httpd/trunk/docs/manual/new_features_2_4.xml

Author: covener
Date: Tue May  5 11:44:59 2020
New Revision: 1877394

URL: http://svn.apache.org/viewvc?rev=1877394&view=rev
Log:
clarify, context is still CGI only.


Modified:
    httpd/httpd/trunk/docs/manual/new_features_2_4.xml

Modified: httpd/httpd/trunk/docs/manual/new_features_2_4.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/new_features_2_4.xml?rev=1877394&r1=1877393&r2=1877394&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/new_features_2_4.xml (original)
+++ httpd/httpd/trunk/docs/manual/new_features_2_4.xml Tue May  5 11:44:59 2020
@@ -282,8 +282,8 @@
           <module>mod_isapi</module>, ...</dt>
       <dd>Translation of headers to environment variables is more strict than
       before to mitigate some possible cross-site-scripting attacks via header
-      injection. Headers containing invalid characters (including underscores)
-      are now silently dropped. <a href="env.html">Environment Variables
+      injection. Header names containing invalid characters (including underscores)
+      are no longer converted to environment variables. <a href="env.html">Environment Variables
       in Apache</a> has some pointers on how to work around broken legacy
       clients which require such headers. (This affects all modules which
       use these environment variables.)</dd>