these are backported

author Eric Covener <covener@apache.org>

Sun, 31 Aug 2014 01:29:41 +0000 (01:29 +0000)

committer Eric Covener <covener@apache.org>

Sun, 31 Aug 2014 01:29:41 +0000 (01:29 +0000)
author Eric Covener <covener@apache.org>
Sun, 31 Aug 2014 01:29:41 +0000 (01:29 +0000)
committer Eric Covener <covener@apache.org>
Sun, 31 Aug 2014 01:29:41 +0000 (01:29 +0000)
diff --git a/CHANGES b/CHANGES

index cbdf8ef556f46d9ae280223265317d530cca8037..7e3c478519acf5017b1b335d3ee619503eda401b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -37,22 +37,11 @@ Changes with Apache 2.5.0
  
    *) mpm_winnt: Normalize the error and status messages emitted by service.c,
       the service control interface for Windows.  [William Rowe]
-
-  *) SECURITY: CVE-2013-5704 (cve.mitre.org)
-     core: HTTP trailers could be used to replace HTTP headers
-     late during request processing, potentially undoing or
-     otherwise confusing modules that examined or modified
-     request headers earlier.  Adds "MergeTrailers" directive to restore 
-     legacy behavior.  [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]
    
    *) http_protocol: fix logic in ap_method_list_(add|remove) in order:
         - to correctly reset bits
         - not to modify the 'method_mask' bitfield unnecessarily
  
-  *) mod_log_config: Allow three character log formats to be registered. For
-     backwards compatibility, the first character of a three-character format
-     must be the '^' (caret) character.  [Eric Covener]
-
    *) mod_authnz_ldap: Return LDAP connections to the pool before the handler
       is run, instead of waiting until the end of the request. [Eric Covener]
author	Eric Covener <covener@apache.org>
	Sun, 31 Aug 2014 01:29:41 +0000 (01:29 +0000)
committer	Eric Covener <covener@apache.org>
	Sun, 31 Aug 2014 01:29:41 +0000 (01:29 +0000)