Changes with Apache 2.4.9
+ *) mod_ssl: Work around a bug in some older versions of OpenSSL that
+ would cause a crash in SSL_get_certificate for servers where the
+ certificate hadn't been sent. [Stephen Henson]
Changes with Apache 2.4.8
logging truncated cookies.
[William Rowe, Ruediger Pluem, Jim Jagielski]
+ *) SECURITY: CVE-2013-6438 (cve.mitre.org)
+ mod_dav: Keep track of length of cdata properly when removing
+ leading spaces. Eliminates a potential denial of service from
+ specifically crafted DAV WRITE requests
+ [Amin Tora <Amin.Tora neustar.biz>]
+
*) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding
TE/CL conflicts. [Yann Ylavic <ylavic.dev gmail com>, Jim Jagielski]