From: Stefan Eissing <icing@apache.org>
Date: Wed, 11 May 2016 11:17:43 +0000 (+0000)
Subject: fixed mod_http2 CVE added to CHANGES in 2.4.20, late to the party but it is there.
X-Git-Tag: 2.4.21~183
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8721489c0c3619a89897f413d42845e721af550b;p=apache

fixed mod_http2 CVE added to CHANGES in 2.4.20, late to the party but it is there.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1743337 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 2724cba2f6..a2fc327e9a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -82,7 +82,11 @@ Changes with Apache 2.4.20
 
   *) mod_http2: Fix build on Windows from dsp files.
      [Stefan Eissing] 
-
+     
+  *) SECURITY: CVE-2016-1546 (cve.mitre.org)     
+     mod_http2: restricting number of concurrent stream workers per connection
+     if client is slow. 
+     
 Changes with Apache 2.4.19
 
   *) mod_include: Add variable DOCUMENT_ARGS, with the arguments to the