-*- coding: utf-8 -*- Changes with Apache 2.2.27 *) SECURITY: CVE-2014-0098 (cve.mitre.org) Clean up cookie logging with fewer redundant string parsing passes. Log only cookies with a value assignment. Prevents segfaults when logging truncated cookies. [William Rowe, Ruediger Pluem, Jim Jagielski] *) SECURITY: CVE-2013-6438 (cve.mitre.org) mod_dav: Keep track of length of cdata properly when removing leading spaces. Eliminates a potential denial of service from specifically crafted DAV WRITE requests [Amin Tora ] *) core: draft-ietf-httpbis-p1-messaging-23 corrections regarding TE/CL conflicts. [Yann Ylavic , Jim Jagielski] *) mod_proxy_http: Core dumped under high load. PR 50335. [Jan Kaluza ] *) proxy_util: NULL terminate the right buffer in 'send_http_connect'. [Christophe Jaillet] *) mod_proxy: Remove (never documented) syntax which is equivalent to . [Christophe Jaillet] *) mod_ldap: Fix a potential memory leak or corruption. PR 54936. [Zhenbo Xu ] *) mod_ssl: Do not perform SNI / Host header comparison in case of a forward proxy request. [Ruediger Pluem] *) mod_rewrite: Add mod_rewrite.h to the headers installed on Windows. PR46679 [Bob Ionescu]