version bump, pls Changes with Apache 2.2.20 *) SECURITY: CVE-2011-3192 (cve.mitre.org) core: Fix handling of byte-range requests to use less memory, to avoid denial of service. If the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file. PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener] *) mod_authnz_ldap: If the LDAP server returns constraint violation, don't treat this as an error but as "auth denied". [Stefan Fritsch] *) mod_filter: Fix FilterProvider conditions of type "resp=" (response headers) for CGI. [Joe Orton, Rainer Jung] *) mod_reqtimeout: Fix a timed out connection going into the keep-alive state after a timeout when discarding a request body. PR 51103. [Stefan Fritsch] *) core: Do the hook sorting earlier so that the hooks are properly sorted for the pre_config hook and during parsing the config. [Stefan Fritsch]
*** This bug has been marked as a duplicate of bug 380475 ***