diff options
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -13,6 +13,12 @@ Changes with Apache 2.2.33 ap_hook_process_connection() during an HTTP request to an HTTPS port. [Yann Ylavic] + *) SECURITY: CVE-2017-3167 (cve.mitre.org) + Use of the ap_get_basic_auth_pw() by third-party modules outside of the + authentication phase may lead to authentication requirements being + bypassed. + [Emmanuel Dreyfus <manu netbsd.org>, Jacob Champion, Eric Covener] + *) Fix HttpProtocolOptions to inherit from global to VirtualHost scope. [Joe Orton] |