httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From c...@apache.org
Subject svn commit: r374902 - /httpd/httpd/branches/2.0.x/CHANGES
Date Sat, 04 Feb 2006 18:36:13 GMT
Author: colm
Date: Sat Feb  4 10:36:11 2006
New Revision: 374902

URL: http://svn.apache.org/viewcvs?rev=374902&view=rev
Log:
Make a PR reference consistent and keep the SECURITY changes first.

Modified:
    httpd/httpd/branches/2.0.x/CHANGES

Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/CHANGES?rev=374902&r1=374901&r2=374902&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Sat Feb  4 10:36:11 2006
@@ -1,9 +1,6 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.0.56
 
-  *) Fix PR#38070: Avoid server-driven negotiation when a CGI script
-     has emitted an explicit Status: header [Nick Kew].
-
   *) SECURITY: CVE-2005-3357 (cve.mitre.org)
      mod_ssl: Fix a possible crash during access control checks if a
      non-SSL request is processed for an SSL vhost (such as the
@@ -16,6 +13,9 @@
      to avoid potential cross-site scripting.  Change also made to
      ap_escape_html so we escape quotes.  Reported by JPCERT.
      [Mark Cox]
+
+  *) Avoid server-driven negotiation when a CGI script has emitted an 
+     explicit "Status:" header. PR 38070.  [Nick Kew]
 
   *) mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o
      format is used. PR 27787.  [André Malo]



Mime
View raw message