You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by fu...@apache.org on 2012/12/17 22:53:17 UTC
svn commit: r1423173 - /httpd/httpd/branches/2.4.x/STATUS
Author: fuankg
Date: Mon Dec 17 21:53:16 2012
New Revision: 1423173
URL: http://svn.apache.org/viewvc?rev=1423173&view=rev
Log:
Added comment.
Modified:
httpd/httpd/branches/2.4.x/STATUS
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1423173&r1=1423172&r2=1423173&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Mon Dec 17 21:53:16 2012
@@ -167,6 +167,10 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
of those two groups) who don't understand that these are information leaks
once they are enabled, and the subtlety of the way they are disabled ("Apache
messed up the first line; let me fix that") contributes to that.
+ fuankg notes: I've just added a big warning to all CGI scripts which should now
+ make alsolutely clear that these CGIs are for testing purpose only - so those
+ who enable those scripts with inserting the right shebang should be 100% aware
+ of any risks (this should cover your last point).
A list of further possible backports can be found at:
http://people.apache.org/~rjung/patches/possible-backports-httpd-trunk-2_4.txt