From: Jeff Trawick <trawick@apache.org>
Date: Tue, 15 Jul 2014 10:52:07 +0000 (+0000)
Subject: clarify new use of Timeout for scripts
X-Git-Tag: 2.4.10~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7f3a9c11d61043bb827a52ef6b17d6a76ad2ef95;p=thirdparty%2Fapache%2Fhttpd.git

clarify new use of Timeout for scripts

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610641 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 4e168cae8e5..7205eabe496 100644
--- a/CHANGES
+++ b/CHANGES
@@ -16,8 +16,10 @@ Changes with Apache 2.4.10
   *) SECURITY: CVE-2014-0231 (cve.mitre.org)
      mod_cgid: Fix a denial of service against CGI scripts that do
      not consume stdin that could lead to lingering HTTPD child processes
-     filling up the scoreboard and eventually hanging the server. Adds
-     "CGIDScriptTimeout" directive.
+     filling up the scoreboard and eventually hanging the server.  By
+     default, the client I/O timeout (Timeout directive) now applies to
+     communication with scripts.  The CGIDScriptTimeout directive can be
+     used to set a different timeout for communication with scripts.
      [Rainer Jung, Eric Covener, Yann Ylavic]
 
   *) mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions