Note:
* SECURITY: CVE-2011-3348 (cve.mitre.org)
mod_proxy_ajp when combined with mod_proxy_balancer: Prevents unrecognized
HTTP methods from marking ajp: balancer members in an error state, avoiding
denial of service.
* SECURITY: CVE-2011-3192 (cve.mitre.org)
core: Further fixes to the handling of byte-range requests to use less
memory, to avoid denial of service. This patch includes fixes to the patch
introduced in release 2.2.20 for protocol compliance, as well as the
MaxRanges directive.
Christian Wiese
906ad1f9fc