From 13d8aad9a02d0956c356053b751fbb452bb74e13 Mon Sep 17 00:00:00 2001 From: "Mark J. Cox" Date: Thu, 1 Sep 2005 13:33:18 +0000 Subject: [PATCH] CAN-2004-1834 was created in March 2004 when it was reported that mod_disk_cache would store these headers -- leading to a small potential risk that you'd end up with authentication headers on disk and visible to users (or cgi scripts or whatever). Make a note which commit actually ended up closing this low impact issue. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@265719 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 445e96b7b98..323f933bfb7 100644 --- a/CHANGES +++ b/CHANGES @@ -225,7 +225,8 @@ Changes with Apache 2.0.53 is causing a potential problem with the LDAP shared memory cache. PR 31431 [Graham Leggett] - *) mod_disk_cache: Do not store hop-by-hop headers. [Justin Erenkrantz] + *) SECURITY: CAN-2004-1834 (cve.mitre.org) + mod_disk_cache: Do not store hop-by-hop headers. [Justin Erenkrantz] *) Fix the re-linking issue when purging elements from the LDAP cache PR 24801. [Jess Holle ] -- 2.47.2
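Review bot: The added SECURITY line in the Apache 2.0.53 section of CHANGES names CAN-2004-1834, but the entry text under it still reads only "mod_disk_cache: Do not store hop-by-hop headers", so a reader of CHANGES cannot tell what the exposure was or that it is considered low impact. The commit message already has that information (authentication headers could end up stored on disk and visible to users or CGI scripts); consider adding a short clause to the entry saying so, which would let an administrator triaging by CVE id judge the relevance of the fix from CHANGES alone.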