From: Eric Covener <covener@apache.org>
Date: Wed, 4 Mar 2015 19:22:14 +0000 (+0000)
Subject: backported
X-Git-Tag: 2.5.0-alpha~3417
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=cfeeefca6f5857891b7412c902cf6f2c71243441;p=apache

backported



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1664122 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 7c1567a807..1d1acd51c2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,11 +1,6 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
-  *) SECURITY: CVE-2015-0228 (cve.mitre.org)
-     mod_lua: A maliciously crafted websockets PING after a script
-     calls r:wsupgrade() can cause a child process crash. 
-     [Edward Lu <Chaosed0 gmail.com>]
-
   *) core: If explicitly configured, use the KeepaliveTimeout value of the
      virtual host which handled the latest request on the connection, or by
      default the one of the first virtual host bound to the same IP:port.