From 7f3a9c11d61043bb827a52ef6b17d6a76ad2ef95 Mon Sep 17 00:00:00 2001
From: Jeff Trawick <trawick@apache.org>
Date: Tue, 15 Jul 2014 10:52:07 +0000
Subject: [PATCH] clarify new use of Timeout for scripts

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610641 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 4e168cae8e..7205eabe49 100644
--- a/CHANGES
+++ b/CHANGES
@@ -16,8 +16,10 @@ Changes with Apache 2.4.10
   *) SECURITY: CVE-2014-0231 (cve.mitre.org)
      mod_cgid: Fix a denial of service against CGI scripts that do
      not consume stdin that could lead to lingering HTTPD child processes
-     filling up the scoreboard and eventually hanging the server. Adds
-     "CGIDScriptTimeout" directive.
+     filling up the scoreboard and eventually hanging the server.  By
+     default, the client I/O timeout (Timeout directive) now applies to
+     communication with scripts.  The CGIDScriptTimeout directive can be
+     used to set a different timeout for communication with scripts.
      [Rainer Jung, Eric Covener, Yann Ylavic]
 
   *) mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions
-- 
2.40.0