fixed mod_http2 CVE added to CHANGES in 2.4.20, late to the party but it is there.

author Stefan Eissing <icing@apache.org>

Wed, 11 May 2016 11:17:43 +0000 (11:17 +0000)

committer Stefan Eissing <icing@apache.org>

Wed, 11 May 2016 11:17:43 +0000 (11:17 +0000)
author Stefan Eissing <icing@apache.org>
Wed, 11 May 2016 11:17:43 +0000 (11:17 +0000)
committer Stefan Eissing <icing@apache.org>
Wed, 11 May 2016 11:17:43 +0000 (11:17 +0000)
diff --git a/CHANGES b/CHANGES

index 2724cba2f6d56b87307afe286c02f85c7a2fcfe6..a2fc327e9a7e4dcdcad97a389c8024045c362a06 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -82,7 +82,11 @@ Changes with Apache 2.4.20
  
    *) mod_http2: Fix build on Windows from dsp files.
       [Stefan Eissing] 
-
+     
+  *) SECURITY: CVE-2016-1546 (cve.mitre.org)     
+     mod_http2: restricting number of concurrent stream workers per connection
+     if client is slow. 
+     
  Changes with Apache 2.4.19
  
    *) mod_include: Add variable DOCUMENT_ARGS, with the arguments to the
author	Stefan Eissing <icing@apache.org>
	Wed, 11 May 2016 11:17:43 +0000 (11:17 +0000)
committer	Stefan Eissing <icing@apache.org>
	Wed, 11 May 2016 11:17:43 +0000 (11:17 +0000)