-*- coding: utf-8 -*-
+Changes with Apache 2.4.24
+
+ *) core: avoid adding multiple subrequest filters when there are nested
+ subrequests. PR58292
+
+ *) mod_http2: connection shutdown revisited: corrected edge cases on
+ shutting down ongoing streams, changed log warnings to be less noisy
+ when waiting on long running tasks. [Stefan Eissing]
+
+ *) mod_http2: changed all AP_DEBUG_ASSERT to ap_assert to have them
+ available also in normal deployments. [Stefan Eissing]
+
+ *) mod_http2/mod_proxy_http2: 100-continue handling now properly implemented
+ up to the backend. Reused HTTP/2 proxy connections with more than a second
+ not used will block request bodies until a PING answer is received.
+ Requests headers are not delayed by this, since they are repeatable in
+ case of failure. This greatly increases robustness, especially with
+ busy server and/or low keepalive connections. [Stefan Eissing]
+
+ *) mod_proxy_http2: fixed duplicate symbols with mod_http2.
+ [Stefan Eissing]
+
+ *) mod_http2: rewrite of how responses and trailers are transferred between
+ master and slave connection. Reduction of internal states for tasks
+ and streams, stability. Heuristic id generation for slave connections
+ to better keep promise of connection ids unique at given point int time.
+ Fix for mod_cgid interop in high load situtations.
+ Fix for handling of incoming trailers when no request body is sent.
+ [Stefan Eissing]
+
+ *) mod_http2: fix suspended handling for streams. Output could become
+ blocked in rare cases. [Stefan Eissing]
+
+ *) mpm_winnt: Prevent a denial of service when the 'data' AcceptFilter is in
+ use by replacing it with the 'connect' filter. PR 59970. [Jacob Champion]
+
+ *) mod_cgid: Resolve a case where a short CGI response causes a subsequent
+ CGI to be killed prematurely, resulting in a truncated subsequent
+ response. [Eric Covener]
+
+ *) mod_proxy_hcheck: Set health check URI and expression correctly for health
+ check worker. PR 60038 [zdeno <zdeno@scnet.sk>]
+
+ *) mod_http2: if configured with nghttp2 1.14.0 and onward, invalid request
+ headers will immediately reset the stream with a PROTOCOL error. Feature
+ logged by module on startup as 'INVHD' in info message.
+ [Stefan Eissing]
+
+ *) mod_http2: fixed handling of stream buffers during shutdown.
+ [Stefan Eissing]
+
+ *) mod_reqtimeout: Fix body timeout disabling for CONNECT requests to avoid
+ triggering mod_proxy_connect's AH01018 once the tunnel is established.
+ [Yann Ylavic]
+
+ *) ab: Set the Server Name Indication (SNI) extension on outgoing TLS
+ connections (unless -I is specified), according to the Host header (if
+ any) or the requested URL's hostname otherwise. [Yann Ylavic]
+
+ *) mod_proxy_fcgi: avoid loops when ProxyErrorOverride is enabled
+ and the error documents are proxied. PR 55415. [Luca Toscano]
+
+ *) mod_proxy_fcgi: read the whole FCGI response even when the content has
+ not been modified (HTTP 304) to avoid subsequent bougus reads and
+ confusing error messages logged. [Luca Toscano]
+
+ *) mod_http2: h2 status resource follows latest draft, see
+ http://www.ietf.org/id/draft-benfield-http2-debug-state-01.txt
+ [Stefan Eissing]
+
+ *) mod_http2: handling graceful shutdown gracefully, e.g. handling existing
+ streams to the end. [Stefan Eissing]
+
+ *) core: CVE-2016-5387: Mitigate [f]cgi "httpoxy" issues.
+ [Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]
+
+ *) mod_proxy_{http,ajp,fcgi}: don't reuse backend connections with data
+ available before the request is sent. PR 57832. [Yann Ylavic]
+
+ *) mod_proxy_balancer: Prevent redirect loops between workers within a
+ balancer by limiting the number of redirects to the number balancer
+ members. PR 59864 [Ruediger Pluem]
+
+ *) mod_proxy: Correctly consider error response codes by the backend when
+ processing failonstatus. PR 59869 [Ruediger Pluem]
+
+ *) mod_dav: Add dav_get_provider_name() function to obtain the name
+ of the provider from mod_dav. [Graham Leggett]
+
+ *) mod_dav: Add support for childtags to dav_error.
+ [Jari Urpalainen <jari.urpalainen nokia.com>]
+
+ *) mod_proxy_fcgi: Fix 2.4.23 breakage for mod_rewrite per-dir and query
+ string showing up in SCRIPT_FILENAME. PR59815
+
+ *) mod_include: Fix a potential memory misuse while evaluating expressions.
+ PR59844. [Eric Covener]
+
+ *) mod_http2: new H2CopyFiles directive that changes treatment of file
+ handles in responses. Necessary in order to fix broken lifetime handling
+ in modules such as mod_wsgi.
+
+ *) mod_http2: removing timeouts on master connection while requests are
+ being processed. Requests may timeout, but the master only times out when
+ no more requests are active. [Stefan Eissing]
+
+ *) mod_http2: fixes connection flush when answering SETTINGS without any
+ stream open. [Moto Ishizawa <@summerwind>, Stefan Eissing]
+
+Changes with Apache 2.4.23
+
+ *) mod_ssl: reset client-verify state of ssl when aborting renegotiations.
+ [Erki Aring <erki@example.ee>, Stefan Eissing]
+
+ *) mod_sed: Fix 'x' command processing. [Christophe Jaillet]
+
+ *) configure: Fix ./configure edge-case failures around dependencies
+ of mod_proxy_hcheck. [William Rowe, Ruediger Pluem, Jeff Trawick]
+
+Changes with Apache 2.4.22
+
+ *) mod_http2: fix for request abort when connections drops, introduced in
+ 1.5.8
+
+Changes with Apache 2.4.21
+
+ *) mod_http2: more rigid error handling in DATA frame assembly, leading
+ to deterministic connection errors if assembly fails.
+ [Stefan Eissing, Pal Nilsen <https://github.com/maedox>]
+
+ *) abs: Include OPENSSL_Applink when compiling on Windows, to resolve
+ failures under Visual Studio 2015 and other mismatched MSVCRT flavors.
+ PR59630 [Jan Ehrhardt <phpdev ehrhardt.nl>]
+
+ *) mod_ssl: Add "no_crl_for_cert_ok" flag to SSLCARevocationCheck directive
+ to opt-in previous behaviour (2.2) with CRLs verification when checking
+ certificate(s) with no corresponding CRL. [Yann Ylavic]
+
+ *) mpm_event, mpm_worker: Fix computation of MinSpareThreads' lower bound
+ according the number of listeners buckets. [Yann Ylavic]
+
+ *) Add ap_cstr_casecmp[n]() - placeholder of apr_cstr_casecmp[n] functions
+ for case-insensitive C/POSIX-locale token comparison.
+ [Jim Jagielski, William Rowe, Yann Ylavic, Branko Čibej]
+
+ *) mod_userdir: Constify and save a few bytes in the conf pool when
+ parsing the "UserDir" directive. [Christophe Jaillet]
+
+ *) mod_cache: Fix (max-stale with no '=') and enforce (check
+ integers after '=') Cache-Control header parsing.
+ [Christophe Jaillet]
+
+ *) core: Add -DDUMP_INCLUDES configtest option to show the tree
+ of Included configuration files.
+ [Jacob Champion <champion.pxi gmail.com>]
+
+ *) mod_proxy_fcgi: Avoid passing a filename of proxy:fcgi:// as
+ SCRIPT_FILENAME to a FastCGI server. PR59618.
+ [Jacob Champion <champion.pxi gmail.com>]
+
+ *) mod_dav: Add dav_get_provider_name() function to obtain the name
+ of the provider from mod_dav.
+ [Jari Urpalainen <jari.urpalainen nokia.com>]
+
+ *) mod_proxy_http2: properly care for HTTP2 flow control of the frontend
+ connection is HTTP/1.1. [Patch supplied by Evgeny Kotkov]
+
+ *) mod_http2: improved cleanup of connection/streams/tasks to always
+ have deterministic order regardless of event initiating it. Addresses
+ reported crashes due to memory read after free issues.
+ [Stefan Eissing]
+
+ *) mod_ssl: Correct the interaction between SSLProxyCheckPeerCN and newer
+ SSLProxyCheckPeerName directives since release 2.4.5, such that disabling
+ either disables both, and that enabling either triggers the new, more
+ comprehensive SSLProxyCheckPeerName behavior. Only a single configuration
+ remains to enable the legacy behavior, which is to explicitly disable
+ SSLProxyCheckPeerName, and enable SSLProxyCheckPeerCN. [William Rowe]
+
+ *) mod_include: add the <!--#comment ...> syntax in order to include comments
+ in a SSI file. [Christophe Jaillet based on a suggestion from Rob]
+
+ *) mod_http2: improved event handling for suspended streams, responses
+ and window updates. [Stefan Eissing]
+
+ *) mod_proxy_hcheck: Provide for dynamic background health
+ checks on reverse proxies associated with BalancerMember
+ workers. [Jim Jagielski]
+
+ *) mod_http2: Fix async write issue that led to selection of wrong timeout
+ vs. keepalive timeout selection for idle sessions. [Stefan Eissing]
+
+ *) mod_http2: checking LimitRequestLine, LimitRequestFields and
+ LimitRequestFieldSize configurated values for incoming streams. Returning
+ HTTP status 431 for too long/many headers fields and 414 for a too long
+ pseudo header. [Stefan Eissing]
+
+ *) mod_http2: tracking conn_rec->current_thread on slave connections, so
+ that mod_lua finds the correct one. Fixes PR 59542. [Stefan Eissing]
+
+ *) mod_proxy_http2: new experimental http2 proxy module for h2: and h2c: proxy
+ urls. Part of the httpd mod_proxy framework, common settings apply.
+ Requests from the same HTTP/2 frontend connection against the same backend
+ are aggregated on a single connection.
+ [Stefan Eissing]
+
+ *) mod_http2: slave connections have conn_rec->aborted flag set when a stream
+ has been reset by the client. [Stefan Eissing]
+
+ *) mod_http2: merge of some 2.4.x adaptions re filters on slave connections.
+ Small fixes in bucket beams when forwarding file buckets. Output handling
+ on master connection uses less FLUSH and passes automatically when more
+ than half of H2StreamMaxMemSize bytes have accumulated.
+ Workaround for http: when forwarding partial file buckets to keep the
+ output filter from closing these too early. [Stefan Eissing]
+
+ *) mod_http2: elimination of fixed master connection buffer for TLS
+ connections. New scratch bucket handling optimized for TLS write sizes.
+ File bucket data read directly into scratch buffers, avoiding one
+ copy. Non-TLS connections continue to pass buckets unchanged to the core
+ filters to allow sendfile() usage. [Stefan Eissing]
+
+ *) mod_http2/mod_proxy_http2: h2_request.c is no longer shared between these
+ modules. This simplifies building on platforms such as Windows, as module
+ reference used in logging is now clear. [Stefan Eissing]
+
+ *) Scoreboard: Fix a regression in 2.4.20 that causes wrong request data
+ to be displayed on the status page. PR 59333. [Yann Ylavic, William Rowe]
+
+ *) mod_http2: fixed a bug that caused mod_proxy_http2 to be called for window
+ updates on requests it had already reported done. Added synchronization
+ on early connection/stream close that lets ongoing requests safely drain
+ their input filters.
+ [Stefan Eissing]
+
+ *) mod_http2: scoreboard updates that summarize the h2 session (and replace
+ the last request information) will only happen when the session is idle or
+ in shutdown/done phase. [Stefan Eissing]
+
+ *) mod_http2: new "bucket beam" technology to transport buckets across
+ threads without buffer copy. Delaying response start until flush or
+ enough body data has been accumulated. Overall significantly smaller
+ memory footprint. [Stefan Eissing]
+
+ *) core: New CGIVar directive can configure REQUEST_URI to represent the
+ current URI being processed instead of always the original request.
+ [Jeff Trawick]
+
+ *) scoreboard/status: Restore behavior of showing workers' previous Client,
+ VHost and Request values when idle, like in 2.4.18 and earlier.
+
+ *) mod_http2: r->protocol changed to "HTTP/2.0" (was "HTTP/2") as this will
+ give expected syntax in CGI's SERVER_PROTOCOL is more compatible with
+ existing major/minor handling. Fixes PR 59313.
+
+ *) mod_http2: disabling mmap for file buckets transport due to segmenation
+ faults when files change on the fly.
+
Changes with Apache 2.4.20
+ *) SECURITY: CVE-2016-1546 (cve.mitre.org)
+ mod_http2: restricting number of concurrent stream workers per connection
+ if client is slow.
+
+ *) core: Do not read .htaccess if AllowOverride and AllowOverrideList
+ are "None". PR 58528.
+ [Michael Schlenker <msc contact.de, Ruediger Pluem, Daniel Ruggeri]
+
+ *) mod_proxy_express: Fix possible use of DB handle after close. PR 59230.
+ [Petr <pgajdos suse.cz>]
+
+ *) core/util_script: relax alphanumeric filter of environment variable names
+ on Windows to allow '(' and ')' for passing PROGRAMFILES(X86) et.al.
+ unadulterated in 64 bit versions of Windows. PR 46751.
+ [John <john leineweb de>]
+
+ *) mod_http2: incrementing keepalives on each request started so that logging
+ %k gives increasing numbers per master http2 connection.
+ New documented variables in env, usable in custom log formats: H2_PUSH,
+ H2_PUSHED, H2_PUSHED_ON, H2_STREAM_ID and H2_STREAM_TAG.
+ [Stefan Eissing]
+
+ *) mod_http2: more efficient passing of response bodies with less contention
+ and file bucket forwarding. [Stefan Eissing]
+
*) mod_http2: fix for missing score board updates on request count, fix for
- memory leak on slave connection reuse.
-
+ memory leak on slave connection reuse. [Stefan Eissing]
+
*) mod_http2: Fix build on Windows from dsp files.
[Stefan Eissing]
-
+
Changes with Apache 2.4.19
*) mod_include: Add variable DOCUMENT_ARGS, with the arguments to the
*) mod_authz_host: Add a new "forward-dns" authorization type, not relying on
reverse DNS lookups. [Fabien]
+ *) mod_proxy_http2: new experimental http2 proxy module for h2: and h2c: proxy
+ urls. Uses backend connections for concurrent requests if frontend
+ connection is http2 as well.
+ [Stefan Eissing]
+
*) mod_ssl: Add hooks to allow other modules to perform processing at
several stages of initialization and connection handling. See
mod_ssl_openssl.h. [Jeff Trawick]
streams with higher cumulative window size.
Reducing write frequency unless push promises need to be flushed.
[Stefan Eissing]
-
+
*) mod_http2: required minimum version of libnghttp2 is 1.2.1
[Stefan Eissing]
-
+
*) mod_proxy_fdpass: Fix AH01153 error when using the default configuration.
In earlier version of httpd, you can explicitelly set the 'flusher' parameter
to 'flush' as a workaround. (i.e. flusher=flush)
*) mod_http2: new directive 'H2PushPriority' to allow priority specifications
on server pushed streams according to their content-type.
[Stefan Eissing]
-
+
*) mod_http2: fixes crash on connection abort for a busy connection.
fixes crash on a request that did not produce any response.
[Stefan Eissing]
- *) mod_http2: trailers are sent after reponse body if set in request_rec
+ *) mod_http2: trailers are sent after response body if set in request_rec
trailers_out before the end-of-request bucket is sent through the
output filters. [Stefan Eissing]
*) mod_http2: new directive 'H2Push' to en-/disable HTTP/2 server
pushes a server/virtual host. Pushes are initiated by the presence
of 'Link:' headers with relation 'preload' on a response. [Stefan Eissing]
-
+
*) mod_http2: write performance of http2 improved for larger resources,
especially static files. [Stefan Eissing]
-
+
*) core: if the first HTTP/1.1 request on a connection goes to a server that
prefers different protocols, these protocols are announced in a Upgrade:
header on the response, mentioning the preferred protocols.
[Stefan Eissing]
-
+
*) mod_http2: new directives 'H2TLSWarmUpSize' and 'H2TLSCoolDownSecs'
to control TLS record sizes during connection lifetime.
[Stefan Eissing]
-
+
*) mod_http2: new directive 'H2ModernTLSOnly' to enforce security
requirements of RFC 7540 on TLS connections. [Stefan Eissing]
-
+
*) core: add ap_get_protocol_upgrades() to retrieve the list of protocols
that a client could possibly upgrade to. Use in first request on a
connection to announce protocol choices. [Stefan Eissing]
*) mod_http2: reworked deallocation on connection shutdown and worker
abort. Separate parent pool for all workers. worker threads are joined
on planned worker shutdown. [Yann Ylavic, Stefan Eissing]
-
+
*) mod_ssl: when receiving requests for other virtual hosts than the handshake
server, the SSL parameters are checked for equality. With equal
configuration, requests are passed for processing. Any change will trigger
'No such file or directory: unable to connect to cgi daemon...' could
be logged without an actual retry. PR57685.
[Edward Lu <Chaosed0 gmail.com>]
-
+
*) mod_proxy: Use the original (non absolute) form of the request-line's URI
for requests embedded in CONNECT payloads used to connect SSL backends via
a ProxyRemote forward-proxy. PR 55892. [Hendrik Harms <hendrik.harms
[Yann Ylavic]
*) mod_proxy_connect/wstunnel: If both client and backend sides get readable
- at the same time, don't lose errors occuring while forwarding on the first
+ at the same time, don't lose errors occurring while forwarding on the first
side when none occurs next on the other side, and abort. [Yann Ylavic]
*) mod_rewrite: Improve relative substitutions in per-directory/htaccess
(not released).
Changes with Apache 2.4.11 (not released)
-
+
*) SECURITY: CVE-2014-3583 (cve.mitre.org)
mod_proxy_fcgi: Fix a potential crash due to buffer over-read, with
response headers' size above 8K. [Yann Ylavic, Jeff Trawick]
*) mod_proxy_fcgi: Provide some basic alternate options for specifying
how PATH_INFO is passed to FastCGI backends by adding significance to
the value of proxy-fcgi-pathinfo. PR 55329. [Eric Covener]
-
+
*) mod_proxy_fcgi: Enable UDS backends configured with SetHandler/RewriteRule
to opt-in to connection reuse and other Proxy options via explicitly
declared "proxy workers" (<Proxy unix:... enablereuse=on max=...)
the URL parameter interpolates to an empty string. PR 56603.
[<ajprout hotmail.com>]
- *) core: Fix -D[efined] or <Define>[d] variables lifetime accross restarts.
+ *) core: Fix -D[efined] or <Define>[d] variables lifetime across restarts.
PR 57328. [Armin Abfalterer <a.abfalterer gmail.com>, Yann Ylavic].
*) mod_proxy: Preserve original request headers even if they differ
*) mod_cache: Avoid a 304 response to an unconditional requst when an AH00752
CacheLock error occurs during cache revalidation. [Eric Covener]
-
+
*) mod_ssl: Move OCSP stapling information from a per-certificate store to
a per-server hash. PR 54357, PR 56919. [Alex Bligh <alex alex.org.uk>,
Yann Ylavic, Kaspar Brand]
*) mod_substitute: Fix line length limitation in case of regexp plus flatten.
[Rainer Jung]
-
+
*) mod_proxy: Truncated character worker names are no longer fatal
errors. PR53218. [Jim Jagielski]
*) mod_alias: Stop setting CONTEXT_PREFIX and CONTEXT_DOCUMENT environment
variables as a result of AliasMatch. [Eric Covener]
-
+
*) mod_cache: Don't add cached/revalidated entity headers to a 304 response.
PR 55547. [Yann Ylavic]
[Daniel Gruno]
*) mod_lua: Add r:wspeek for peeking at WebSocket frames. [Daniel Gruno]
-
+
*) mod_lua: Log an error when the initial parsing of a Lua file fails.
[Daniel Gruno, Felipe Daragon <filipe syhunt com>]
*) mod_lua: Update r:setcookie() to accept a table of options and add domain,
path and httponly to the list of options available to set.
PR 56128 [Edward Lu <Chaosed0 gmail com>, Daniel Gruno]
-
+
*) mod_lua: Fix r:setcookie() to add, rather than replace,
the Set-Cookie header. PR56105
[Kevin J Walters <kjw ms com>, Edward Lu <Chaosed0 gmail com>]
configuration. [Graham Leggett]
*) APR 1.5.0 or later is now required for the event MPM.
-
+
*) slotmem_shm: Error detection. [Jim Jagielski]
*) event: Use skiplist data structure. [Jim Jagielski]
*) mod_proxy_fcgi: Remove 64K limit on encoded length of all envvars.
An individual envvar with an encoded length of more than 16K will be
omitted. [Jeff Trawick]
-
+
*) mod_proxy_fcgi: Handle reading protocol data that is split between
packets. [Jeff Trawick]
(not overridable via SSLCipherSuite). [Kaspar Brand]
*) mod_proxy: Added support for unix domain sockets as the
- backend server endpoint [Jim Jagielski, Blaise Tarr
- <blaise tarr gmail com>]
+ backend server endpoint. This also introduces an unintended
+ incompatibility for third party modules using the mod_proxy
+ proxy_worker_shared structure, especially for balancer lbmethod
+ modules. [Jim Jagielski, Blaise Tarr <blaise tarr gmail com>]
*) Add experimental cmake-based build system for Windows. [Jeff Trawick,
Tom Donovan]
instead of an explicit cn=* filter. [David Hawes <dhawes vt.edu>]
*) ab: Add wait time, fix processing time, and output write errors only if
- they occured. [Christophe Jaillet]
+ they occurred. [Christophe Jaillet]
*) worker MPM: Don't forcibly kill worker threads if the child process is
exiting gracefully. [Oracle Corporation]
[Chris Darroch]
*) ab: Add a new -l parameter in order not to check the length of the responses.
- This can be usefull with dynamic pages.
+ This can be useful with dynamic pages.
PR9945, PR27888, PR42040 [<ccikrs1 cranbrook edu>]
-
+
*) Suppress formatting of startup messages written to the console when
ErrorLogFormat is used. [Jeff Trawick]
request information to the request_rec structure. [Daniel Gruno]
*) mod_lua: Add a server scope for Lua states, which creates a pool of
- states with managable minimum and maximum size. [Daniel Gruno]
+ states with manageable minimum and maximum size. [Daniel Gruno]
*) mod_lua: Add new directive, LuaMapHandler, for dynamically mapping
URIs to Lua scripts and functions using regular expressions.
*) mod_slotmem_shm: Fix mistaken reset of num_free for restored shm.
[Jim Jagielski]
- *) mod_proxy: non-existance of byrequests is not an immediate error.
+ *) mod_proxy: non-existence of byrequests is not an immediate error.
[Jim Jagielski]
*) mod_proxy_balancer: Improve output of balancer-manager (re: Drn,
Dis, Ign, Stby). PR 52478 [Danijel <dt-ng rbfh de>]
-
+
*) configure: Fix processing of --disable-FEATURE for various features.
[Jeff Trawick]
*) mod_header: Allow for exposure of loadavg and server load using new
format specifiers %l, %i, %b [Jim Jagielski]
-
+
*) core: Make ap_regcomp() return AP_REG_ESPACE if out of memory. Make
ap_pregcomp() abort if out of memory. This raises the minimum PCRE
requirement to version 6.0. [Stefan Fritsch]
*) mod_ldap: Fix regression in handling "server unavailable" errors on
Windows. PR 54140. [Eric Covener]
-
+
*) syslog logging: Remove stray ", referer" at the end of some messages.
[Jeff Trawick]
*) rotatelogs: Add -c option to force logfile creation in every rotation
interval, even if empty. [Jan Kaluža <jkaluza redhat.com>]
-
+
*) core: Limit ap_pregsub() to 64K, add ap_pregsub_ex() for longer strings.
[Stefan Fritsch]
*) mod_lua: add r:construct_url as a wrapper for ap_construct_url.
[Eric Covener]
-
+
*) mod_remote_ip: Fix configuration of internal proxies. PR 49272.
[Jim Riggs <jim riggs me>]
binary needs PCRE. [Rainer Jung]
*) configure: tolerate dependency checking failures for modules if
- they have been enabled implicitely. [Rainer Jung]
+ they have been enabled implicitly. [Rainer Jung]
*) configure: Allow to specify module specific custom linker flags via
the MOD_XXX_LDADD variables. [Rainer Jung]
state after a timeout when discarding a request body. PR 51103.
[Stefan Fritsch]
- *) core: Add various file existance test operators to ap_expr.
+ *) core: Add various file existence test operators to ap_expr.
[Stefan Fritsch]
*) mod_proxy_express: New mass reverse-proxy switch extension for
*) mod_mime_magic: Fix detection of compressed content. [Rainer Jung]
- *) mod_negotiation: Escape pathes of filenames in 406 responses to avoid
+ *) mod_negotiation: Escape paths of filenames in 406 responses to avoid
HTML injections and HTTP response splitting. PR 46837.
[Geoff Keating <geoffk apple.com>]
projects / apache / blobdiff