From: Joe Orton <jorton@apache.org>
Date: Fri, 8 Jul 2005 18:16:49 +0000 (+0000)
Subject: Don't talk about request smuggling in the response handling fix.
X-Git-Tag: 2.1.7~32
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b0ac17301d83c94dde6b7e9b8ab60403d91382f4;p=apache

Don't talk about request smuggling in the response handling fix.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@209854 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index ec81621686..194636f660 100644
--- a/CHANGES
+++ b/CHANGES
@@ -30,8 +30,7 @@ Changes with Apache 2.1.6
 
   *) proxy HTTP: If a response contains both Transfer-Encoding and a 
      Content-Length, remove the Content-Length and don't reuse the
-     connection, stopping some HTTP Request smuggling attacks.
-     [Jeff Trawick]
+     connection.  [Jeff Trawick]
 
   *) mod_cgid: Fix buffer overflow processing ScriptSock directive.
      [Steve Kemp <steve steve.org.uk>]
@@ -122,7 +121,7 @@ Changes with Apache 2.1.5
   
   *) mod_deflate: Merge the Vary header, isntead of Setting it. Fixes
      applications that send the Vary Header themselves, and also apply 
-     mod_defalte as an output filter. [Paul Querna]
+     mod_deflate as an output filter. [Paul Querna]
 
   *) Change the default (when not present in the config file) setting
      for UseCanonicalName to Off.