Comment on possible trailers CVE delay.

author Mike Rumph <mrumph@apache.org>

Thu, 21 Aug 2014 15:35:43 +0000 (15:35 +0000)

committer Mike Rumph <mrumph@apache.org>

Thu, 21 Aug 2014 15:35:43 +0000 (15:35 +0000)
author Mike Rumph <mrumph@apache.org>
Thu, 21 Aug 2014 15:35:43 +0000 (15:35 +0000)
committer Mike Rumph <mrumph@apache.org>
Thu, 21 Aug 2014 15:35:43 +0000 (15:35 +0000)
diff --git a/STATUS b/STATUS

index 3037ef64466aafc91a838d45b19d8dcabb8e7f11..d5724c8db1e6b3c9fb6c5067e65a03eec63e6554 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -111,7 +111,10 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
       2.2.x patch:  http://people.apache.org/~covener/patches/httpd-2.2.x-trailers-2.diff
       +1: covener, wrowe, rpluem
       covener: Since this was not released yet in 2.4.x, maybe it's better to cut 2.2.28 w/o it?
-    
+     mrumph:  Delaying a nonCVE fix would be reasonable to maintain backward compatibility.
+              But for a CVE that has already been made public,
+              wouldn't it make more sense to make the fix available as quickly as possible?
+     
     * mod_deflate: Fix reentrance in output and input filters (buffering of
                    incomplete Zlib header or validation bytes). PR 46146.
       trunk patch: https://svn.apache.org/r1572655
author	Mike Rumph <mrumph@apache.org>
	Thu, 21 Aug 2014 15:35:43 +0000 (15:35 +0000)
committer	Mike Rumph <mrumph@apache.org>
	Thu, 21 Aug 2014 15:35:43 +0000 (15:35 +0000)