Commit a199d5cb authored by William A. Rowe Jr

Note related risk at the end of the SECURITY CHANGES list for 2.0.65

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@1497013 13f79535-47bb-0310-9956-ffa450edef68
parent 48c12012
+6 −0
@@ -28,6 +28,12 @@ Changes with Apache 2.0.65
     is enabled, could allow local users to gain privileges via a .htaccess
     file. [Stefan Fritsch, Greg Ames]

       NOTE: it remains possible to exhaust all memory using a carefully
       crafted .htaccess rule, which will not be addressed in 2.0; enabling 
       processing of .htaccess files authored by untrusted users is the root
       of such security risks.  Upgrade to httpd 2.2.25 or later to limit
       this specific risk.

  *) core: Add MaxRanges directive to control the number of ranges permitted
     before returning the entire resource, with a default limit of 200.
     [Eric Covener, Rainer Jung]
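
Review bot: The added NOTE, placed between the .htaccess privilege entry and the MaxRanges entry, says memory can be exhausted by "a carefully crafted .htaccess rule" but names neither the directive or module involved nor any advisory reference, so an administrator who stays on 2.0.65 cannot tell which configurations are exposed. Suggest naming the affected directive or citing the reference, and stating the configuration mitigation the text already implies (for example, AllowOverride None for directories writable by untrusted users) next to the advice to upgrade to 2.2.25. Minor: the line ending in "enabling" carries trailing whitespace.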