From 0433c40eb2f535c05d3523d75ccdfc90823d6463 Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Thu, 30 Jun 2016 07:23:28 +0000 Subject: [PATCH] Merge 1750750 from trunk: Update language on impact of disabling TRACE, remove reference to compliance. Reviewed by: wrowe, covener, rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1750752 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/mod/core.xml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml index cfb5b16f2f..946ce7f642 100644 --- a/docs/manual/mod/core.xml +++ b/docs/manual/mod/core.xml @@ -4443,16 +4443,18 @@ certain events before failing a request

Finally, for testing and diagnostic purposes only, request bodies may be allowed using the non-compliant TraceEnable extended directive. The core (as an origin server) will - restrict the request body to 64k (plus 8k for chunk headers if + restrict the request body to 64Kb (plus 8Kb for chunk headers if Transfer-Encoding: chunked is used). The core will reflect the full headers and all chunk headers with the response - body. As a proxy server, the request body is not restricted to 64k.

+ body. As a proxy server, the request body is not restricted to 64Kb.

Note -

Despite claims to the contrary, TRACE is not - a security vulnerability, and there is no viable reason for - it to be disabled. Doing so necessarily makes your server - noncompliant.

+ +

Despite claims to the contrary, enabling the TRACE + method does not expose any security vulnerability in Apache httpd. + The TRACE method is defined by the HTTP/1.1 + specification and implementations are expected to support it.

+
-- 2.40.0
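Review bot: The unit change in the request-body paragraph ("64k" to "64Kb", "8k" to "8Kb", three occurrences) makes the limit more ambiguous rather than less, because "Kb" is commonly read as kilobits while a request-body limit is counted in bytes. Suggest "64KB" and "8KB" (or "64 KiB" and "8 KiB" if the limit is a power of two), applied to all three places. In the rewritten note, the first sentence is scoped to Apache httpd but the second, "implementations are expected to support it", is a general statement that still reads as a compliance argument, which the commit message says is being removed. Consider dropping or softening that clause. Since the surrounding text documents TraceEnable, the note could also state that this directive is the supported way to change TRACE handling, so operators who are required to turn the method off know where to look.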