-*- coding: utf-8 -*-
+Changes with Apache 2.4.24
+
+ *) core: CVE-2016-5387: Mitigate [f]cgi "httpoxy" issues.
+ [Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]
+
+ *) mod_proxy_balancer: Prevent redirect loops between workers within a
+ balancer by limiting the number of redirects to the number balancer
+ members. PR 59864 [Ruediger Pluem]
+
+ *) mod_proxy: Correctly consider error response codes by the backend when
+ processing failonstatus. PR 59869 [Ruediger Pluem]
+
+ *) mod_dav: Add dav_get_provider_name() function to obtain the name
+ of the provider from mod_dav. [Graham Leggett]
+
+ *) mod_dav: Add support for childtags to dav_error.
+ [Jari Urpalainen <jari.urpalainen nokia.com>]
+
+ *) mod_proxy_fcgi: Fix 2.4.23 breakage for mod_rewrite per-dir and query
+ string showing up in SCRIPT_FILENAME. PR59815
+
+ *) mod_include: Fix a potential memory misuse while evaluating expressions.
+ PR59844. [Eric Covener]
+
+ *) mod_http2: new H2CopyFiles directive that changes treatment of file
+ handles in responses. Necessary in order to fix broken lifetime handling
+ in modules such as mod_wsgi.
+
+ *) mod_http2: removing timeouts on master connection while requests are
+ being processed. Requests may timeout, but the master only times out when
+ no more requests are active. [Stefan Eissing]
+
+ *) mod_http2: fixes connection flush when answering SETTINGS without any
+ stream open. [Moto Ishizawa <@summerwind>, Stefan Eissing]
+
+Changes with Apache 2.4.23
+
+ *) mod_ssl: reset client-verify state of ssl when aborting renegotiations.
+ [Erki Aring <erki@example.ee>, Stefan Eissing]
+
+ *) mod_sed: Fix 'x' command processing. [Christophe Jaillet]
+
+ *) configure: Fix ./configure edge-case failures around dependencies
+ of mod_proxy_hcheck. [William Rowe, Ruediger Pluem, Jeff Trawick]
+
+Changes with Apache 2.4.22
+
+ *) mod_http2: fix for request abort when connections drops, introduced in
+ 1.5.8
+
Changes with Apache 2.4.21
+ *) mod_http2: more rigid error handling in DATA frame assembly, leading
+ to deterministic connection errors if assembly fails.
+ [Stefan Eissing, Pal Nilsen <https://github.com/maedox>]
+
+ *) abs: Include OPENSSL_Applink when compiling on Windows, to resolve
+ failures under Visual Studio 2015 and other mismatched MSVCRT flavors.
+ PR59630 [Jan Ehrhardt <phpdev ehrhardt.nl>]
+
+ *) mod_ssl: Add "no_crl_for_cert_ok" flag to SSLCARevocationCheck directive
+ to opt-in previous behaviour (2.2) with CRLs verification when checking
+ certificate(s) with no corresponding CRL. [Yann Ylavic]
+
+ *) mpm_event, mpm_worker: Fix computation of MinSpareThreads' lower bound
+ according the number of listeners buckets. [Yann Ylavic]
+
+ *) Add ap_cstr_casecmp[n]() - placeholder of apr_cstr_casecmp[n] functions
+ for case-insensitive C/POSIX-locale token comparison.
+ [Jim Jagielski, William Rowe, Yann Ylavic, Branko Čibej]
+
+ *) mod_userdir: Constify and save a few bytes in the conf pool when
+ parsing the "UserDir" directive. [Christophe Jaillet]
+
+ *) mod_cache: Fix (max-stale with no '=') and enforce (check
+ integers after '=') Cache-Control header parsing.
+ [Christophe Jaillet]
+
+ *) core: Add -DDUMP_INCLUDES configtest option to show the tree
+ of Included configuration files.
+ [Jacob Champion <champion.pxi gmail.com>]
+
+ *) mod_proxy_fcgi: Avoid passing a filename of proxy:fcgi:// as
+ SCRIPT_FILENAME to a FastCGI server. PR59618.
+ [Jacob Champion <champion.pxi gmail.com>]
+
+ *) mod_dav: Add dav_get_provider_name() function to obtain the name
+ of the provider from mod_dav.
+ [Jari Urpalainen <jari.urpalainen nokia.com>]
+
+ *) mod_proxy_http2: properly care for HTTP2 flow control of the frontend
+ connection is HTTP/1.1. [Patch supplied by Evgeny Kotkov]
+
*) mod_http2: improved cleanup of connection/streams/tasks to always
have deterministic order regardless of event initiating it. Addresses
reported crashes due to memory read after free issues.