Merge r1877394 from trunk:

author Eric Covener <covener@apache.org>

Tue, 5 May 2020 11:45:20 +0000 (11:45 +0000)

committer Eric Covener <covener@apache.org>

Tue, 5 May 2020 11:45:20 +0000 (11:45 +0000)
author Eric Covener <covener@apache.org>
Tue, 5 May 2020 11:45:20 +0000 (11:45 +0000)
committer Eric Covener <covener@apache.org>
Tue, 5 May 2020 11:45:20 +0000 (11:45 +0000)
diff --git a/docs/manual/new_features_2_4.xml b/docs/manual/new_features_2_4.xml

index 57de00a77e41168c9976e9bd5795aa5fd6d9e661..30e3a1bfbc6812a1ad4b6088234952ac795558a8 100644 (file)
--- a/docs/manual/new_features_2_4.xml
+++ b/docs/manual/new_features_2_4.xml
@@ -282,8 +282,8 @@
            <module>mod_isapi</module>, ...</dt>
        <dd>Translation of headers to environment variables is more strict than
        before to mitigate some possible cross-site-scripting attacks via header
-      injection. Headers containing invalid characters (including underscores)
-      are now silently dropped. <a href="env.html">Environment Variables
+      injection. Header names containing invalid characters (including underscores)
+      are no longer converted to environment variables. <a href="env.html">Environment Variables
        in Apache</a> has some pointers on how to work around broken legacy
        clients which require such headers. (This affects all modules which
        use these environment variables.)</dd>
author	Eric Covener <covener@apache.org>
	Tue, 5 May 2020 11:45:20 +0000 (11:45 +0000)
committer	Eric Covener <covener@apache.org>
	Tue, 5 May 2020 11:45:20 +0000 (11:45 +0000)