Sorry, forgot to commit the CHANGES file along with the recent commit to

author Bill Stoddard <stoddard@apache.org>

Wed, 26 Sep 2001 14:47:15 +0000 (14:47 +0000)

committer Bill Stoddard <stoddard@apache.org>

Wed, 26 Sep 2001 14:47:15 +0000 (14:47 +0000)
author Bill Stoddard <stoddard@apache.org>
Wed, 26 Sep 2001 14:47:15 +0000 (14:47 +0000)
committer Bill Stoddard <stoddard@apache.org>
Wed, 26 Sep 2001 14:47:15 +0000 (14:47 +0000)
diff --git a/src/CHANGES b/src/CHANGES

index b5f3940b51d82f270268ad5d7f87db2296ecf47f..f35b6e29a8b2b523ab3649d841ad93915bb31c1e 100644 (file)
--- a/src/CHANGES
+++ b/src/CHANGES
@@ -1,5 +1,14 @@
  Changes with Apache 1.3.21
  
+  *) Win32 SECURITY: The default installation could lead to mod_negotiation
+     and mod_dir/mod_autoindex displaying a directory listing instead of
+     the index.html.* files, if a very long path was created artificially
+     by using many slashes. Now a 403 FORBIDDEN is returned. This
+     problem was similar to and in the same area as the problem
+     reported and fixed by Martin Kraemer in 1.3.18, only the scope
+     is much narrower and is specific to Windows.
+     [Bill Stoddard]
+
    *) Update the mime.types file to the registered media types as
       of 2001-09-25, and add xsl, so, dll extensions [Mark Cox]
author	Bill Stoddard <stoddard@apache.org>
	Wed, 26 Sep 2001 14:47:15 +0000 (14:47 +0000)
committer	Bill Stoddard <stoddard@apache.org>
	Wed, 26 Sep 2001 14:47:15 +0000 (14:47 +0000)