You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by fu...@apache.org on 2012/12/17 22:53:17 UTC

svn commit: r1423173 - /httpd/httpd/branches/2.4.x/STATUS

Author: fuankg
Date: Mon Dec 17 21:53:16 2012
New Revision: 1423173

URL: http://svn.apache.org/viewvc?rev=1423173&view=rev
Log:
Added comment.

Modified:
    httpd/httpd/branches/2.4.x/STATUS

Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1423173&r1=1423172&r2=1423173&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Mon Dec 17 21:53:16 2012
@@ -167,6 +167,10 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
           of those two groups) who don't understand that these are information leaks
           once they are enabled, and the subtlety of the way they are disabled ("Apache
           messed up the first line; let me fix that") contributes to that.
+     fuankg notes: I've just added a big warning to all CGI scripts which should now
+          make alsolutely clear that these CGIs are for testing purpose only - so those
+          who enable those scripts with inserting the right shebang should be 100% aware
+          of any risks (this should cover your last point).
 
 A list of further possible backports can be found at:
     http://people.apache.org/~rjung/patches/possible-backports-httpd-trunk-2_4.txt