From: Eric Covener <covener@apache.org>
Date: Tue, 5 May 2020 11:45:20 +0000 (+0000)
Subject: Merge r1877394 from trunk:
X-Git-Tag: 2.4.44~118
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d032aa239362e8f009e90dd2b8469af23d78c985;p=thirdparty%2Fapache%2Fhttpd.git

Merge r1877394 from trunk:

clarify, context is still CGI only.




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1877395 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/new_features_2_4.xml b/docs/manual/new_features_2_4.xml
index 57de00a77e4..30e3a1bfbc6 100644
--- a/docs/manual/new_features_2_4.xml
+++ b/docs/manual/new_features_2_4.xml
@@ -282,8 +282,8 @@
           <module>mod_isapi</module>, ...</dt>
       <dd>Translation of headers to environment variables is more strict than
       before to mitigate some possible cross-site-scripting attacks via header
-      injection. Headers containing invalid characters (including underscores)
-      are now silently dropped. <a href="env.html">Environment Variables
+      injection. Header names containing invalid characters (including underscores)
+      are no longer converted to environment variables. <a href="env.html">Environment Variables
       in Apache</a> has some pointers on how to work around broken legacy
       clients which require such headers. (This affects all modules which
       use these environment variables.)</dd>