From: André Malo <nd@apache.org>
Date: Fri, 23 Jan 2004 00:08:16 +0000 (+0000)
Subject: sync
X-Git-Tag: pre_ajp_proxy~778
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a560e61831f4eeebeb10d539a3149fb5bddd2b23;p=apache

sync


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102393 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 018e03aa4b..c5111b82ca 100644
--- a/CHANGES
+++ b/CHANGES
@@ -29,10 +29,6 @@ Changes with Apache 2.1.0-dev
   *) Make REMOTE_PORT variable available in mod_rewrite.
      PR 25772.  [André Malo]
 
-  *) Allow unescaped error logs via compile time switch
-     "-DAP_UNSAFE_ERROR_LOG_UNESCAPED".
-     [Geoffrey Young <geoff modperlcookbook.org>, André Malo]
-
   *) proxy_http fix: mod_proxy hangs when both KeepAlive and 
      ProxyErrorOverride are enabled, and a non-200 response without a 
      body is generated by the backend server. (e.g.: a client makes a 
@@ -341,8 +337,10 @@ Changes with Apache 2.0.49
   *) mod_dav: Return a WWW-auth header for MOVE/COPY requests where
      the destination resource gives a 401.  PR 15571.  [Joe Orton]
 
-  *) SECURITY [CAN-2003-0020]: Escape arbitrary data before writing
-     into the errorlog.  [André Malo]
+  *) SECURITY: CAN-2003-0020 (cve.mitre.org)
+     Escape arbitrary data before writing into the errorlog. Unescaped
+     errorlogs are still possible using the compile time switch
+     "-DAP_UNSAFE_ERROR_LOG_UNESCAPED".  [Geoffrey Young, André Malo]
 
   *) mod_autoindex / core: Don't fail to show filenames containing
      special characters like '%'. PR 13598.  [André Malo]