Don't talk about request smuggling in the response handling fix.

author Joe Orton <jorton@apache.org>

Fri, 8 Jul 2005 18:16:49 +0000 (18:16 +0000)

committer Joe Orton <jorton@apache.org>

Fri, 8 Jul 2005 18:16:49 +0000 (18:16 +0000)
author Joe Orton <jorton@apache.org>
Fri, 8 Jul 2005 18:16:49 +0000 (18:16 +0000)
committer Joe Orton <jorton@apache.org>
Fri, 8 Jul 2005 18:16:49 +0000 (18:16 +0000)
diff --git a/CHANGES b/CHANGES

index ec81621686bf45a1f4a19b9ef9e9383e7d060e34..194636f660577910b7e7cf5e7ef9c6156dbf65fc 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -30,8 +30,7 @@ Changes with Apache 2.1.6
  
    *) proxy HTTP: If a response contains both Transfer-Encoding and a 
       Content-Length, remove the Content-Length and don't reuse the
-     connection, stopping some HTTP Request smuggling attacks.
-     [Jeff Trawick]
+     connection.  [Jeff Trawick]
  
    *) mod_cgid: Fix buffer overflow processing ScriptSock directive.
       [Steve Kemp <steve steve.org.uk>]
@@ -122,7 +121,7 @@ Changes with Apache 2.1.5
    
    *) mod_deflate: Merge the Vary header, isntead of Setting it. Fixes
       applications that send the Vary Header themselves, and also apply 
-     mod_defalte as an output filter. [Paul Querna]
+     mod_deflate as an output filter. [Paul Querna]
  
    *) Change the default (when not present in the config file) setting
       for UseCanonicalName to Off.
author	Joe Orton <jorton@apache.org>
	Fri, 8 Jul 2005 18:16:49 +0000 (18:16 +0000)
committer	Joe Orton <jorton@apache.org>
	Fri, 8 Jul 2005 18:16:49 +0000 (18:16 +0000)