Changes with Apache 2.4.4
+ *) SECURITY: CVE-2012-3499 (cve.mitre.org)
+ Various XSS flaws due to unescaped hostnames and URIs HTML output in
+ mod_info, mod_status, mod_impagemap, mod_proxy_balancer, and mod_proxy_ftp.
+ [Jim Jagielski, Stefan Fritsch, Niels Heinen <heinenn google com>]
+
+ *) SECURITY: CVE-2012-4558 (cve.mitre.org)
+ XSS in mod_proxy_balancer manager interface. [Jim Jagielski,
+ Niels Heinen <heinenn google com>]
+
*) mod_dir: Add support for the value 'disabled' in FallbackResource.
[Vincent Deffontaines]
unless new option 'RewriteOptions MergeBase' is configured.
PR 53963. [Eric Covener]
- *) mod_status, mod_info, mod_proxy_ftp, mod_proxy_balancer, mod_imagemap,
- mod_ldap: Improve escaping of hostname and URIs HTML output.
- [Jim Jagielski, Stefan Fritsch]
-
*) mod_header: Allow for exposure of loadavg and server load using new
format specifiers %l, %i, %b [Jim Jagielski]