From 517eb52ed2c2f3728f5ea326005e04ebf43bd8a7 Mon Sep 17 00:00:00 2001
From: Ruediger Pluem <rpluem@apache.org>
Date: Fri, 28 Dec 2007 16:01:52 +0000
Subject: [PATCH] * Fix CHANGES wording for r606693.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@607276 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 19 ++++---------------
 1 file changed, 4 insertions(+), 15 deletions(-)

diff --git a/CHANGES b/CHANGES
index ff711bcb22..4434d903f3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -12,21 +12,10 @@ Changes with Apache 2.3.0
   *) mod_deflate: Transform ETag when transforming the entity.
      PR 39727 [Henrik Nordstrom <hno squid-cache.org>, Nick Kew]
 
-  *) mod_ldap: Set character set for status page to ISO-8859-1 to avoid
-     UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton]
-
-  *) mod_proxy_balancer: Set character set for balancer manager to ISO-8859-1
-     to avoid UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton]
-
-  *) mod_proxy_ftp: Set character set for generated FTP directory listing to
-     ISO-8859-1 to avoid UTF-7 XSS vulnerabilities of certain browsers.
-     [Joe Orton]
-
-  *) mod_info: Set character set for info page to ISO-8859-1 to avoid
-     UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton]
-
-  *) mod_dav: Set character set for error pages to ISO-8859-1 to avoid
-     UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton]
+  *) Add explicit charset to the output of various modules to work around
+     possible cross-site scripting flaws affecting web browsers that do not
+     derive the response character set as required by  RFC2616.  One of these
+     reported by SecurityReason [Joe Orton]
 
   *) mod_ssl: Added server name indication support (RFC 4366).
      PR 34607. [Kaspar Brand <asfbugz velox.ch>]
-- 
2.40.0