From 4c82c8acd335fa2fdd0394512902b8a3b223e425 Mon Sep 17 00:00:00 2001
From: Ruediger Pluem <rpluem@apache.org>
Date: Fri, 31 Mar 2006 21:36:38 +0000
Subject: [PATCH] * Sync with 2.2.x CHANGES file

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@390507 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 29 ++++++++++++++++-------------
 1 file changed, 16 insertions(+), 13 deletions(-)

diff --git a/CHANGES b/CHANGES
index 9d34dc4e2d..54a2c42871 100644
--- a/CHANGES
+++ b/CHANGES
@@ -99,6 +99,22 @@ Changes with Apache 2.3.0
 
 Changes with Apache 2.2.1
 
+  *) SECURITY: CVE-2005-3357 (cve.mitre.org)
+     mod_ssl: Fix a possible crash during access control checks if a
+     non-SSL request is processed for an SSL vhost (such as the
+     "HTTP request received on SSL port" error message when an 400 
+     ErrorDocument is configured, or if using "SSLEngine optional").
+     PR 37791.  [Rüdiger Plüm, Joe Orton]
+
+  *) SECURITY: CVE-2005-3352 (cve.mitre.org)
+     mod_imagemap: Escape untrusted referer header before outputting
+     in HTML to avoid potential cross-site scripting.  Change also
+     made to ap_escape_html so we escape quotes.  Reported by JPCERT.
+     [Mark Cox]
+
+  *) core: Reject invalid Expect header immediately. PR 38123.
+     [Ruediger Pluem]
+
   *) mod_proxy: Fix KeepAlives not being allowed and set to
      backend servers. PR 38602. [Ruediger Pluem, Jim Jagielski]
 
@@ -125,19 +141,6 @@ Changes with Apache 2.2.1
 
   *) mod_speling: Stop crashing with certain non-file requests.  [Jeff Trawick]
 
-  *) SECURITY: CVE-2005-3357 (cve.mitre.org)
-     mod_ssl: Fix a possible crash during access control checks if a
-     non-SSL request is processed for an SSL vhost (such as the
-     "HTTP request received on SSL port" error message when an 400 
-     ErrorDocument is configured, or if using "SSLEngine optional").
-     PR 37791.  [Rüdiger Plüm, Joe Orton]
-
-  *) SECURITY: CVE-2005-3352 (cve.mitre.org)
-     mod_imagemap: Escape untrusted referer header before outputting
-     in HTML to avoid potential cross-site scripting.  Change also
-     made to ap_escape_html so we escape quotes.  Reported by JPCERT.
-     [Mark Cox]
-
   *) mod_cache: Make caching of reverse proxies possible again. PR 38017.
      [Ruediger Pluem]
 
-- 
2.40.0