From: Geoffrey Young <geoff@apache.org>
Date: Tue, 21 Sep 2004 13:23:47 +0000 (+0000)
Subject: SECURITY: CAN-2004-0811 officially part of 2.0.52
X-Git-Tag: 2.1.1~231
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e35f03b310db47a9a9aa767c6e29e0d9d20d78c1;p=apache

SECURITY: CAN-2004-0811 officially part of 2.0.52


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105228 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index ed6faf0e16..8d5f8c50c4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,11 +2,6 @@ Changes with Apache 2.1.0-dev
 
   [Remove entries to the current 2.0 section below, when backported]
 
-  *) SECURITY: CAN-2004-0811 (cve.mitre.org)
-     Fix merging of the Satisfy directive, which was applied to 
-     the surrounding context and could allow access despite configured
-     authentication.  PR 31315.  [Rici Lake <rici ricilake.net>]
-
   *) Fix the global mutex crash when the global mutex is never allocated due
      to disabled/empty caches. [Jess Holle <jessh ptc.com>]
 
@@ -419,6 +414,11 @@ Changes with Apache 2.1.0-dev
 
 Changes with Apache 2.0.52
 
+  *) SECURITY: CAN-2004-0811 (cve.mitre.org)
+     Fix merging of the Satisfy directive, which was applied to
+     the surrounding context and could allow access despite configured
+     authentication.  PR 31315.  [Rici Lake <rici ricilake.net>]
+
   *) Fix the handling of URIs containing %2F when AllowEncodedSlashes
      is enabled.  Previously, such urls would still be rejected.
      [Jeff Trawick, Bill Stoddard]