I am -0.9 on this info in the manual, for a relatively low severity bug.

On Fri, Apr 1, 2016 at 9:31 AM,  <elu...@apache.org> wrote:
> Author: elukey
> Date: Fri Apr  1 13:31:28 2016
> New Revision: 1737382
>
> URL: http://svn.apache.org/viewvc?rev=1737382&view=rev
> Log:
> Added warning for AllowOverrideList None in the mod-core doc (PR 58528)
>
> Modified:
>     httpd/httpd/trunk/docs/manual/mod/core.xml
>
> Modified: httpd/httpd/trunk/docs/manual/mod/core.xml
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.xml?rev=1737382&r1=1737381&r2=1737382&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/docs/manual/mod/core.xml (original)
> +++ httpd/httpd/trunk/docs/manual/mod/core.xml Fri Apr  1 13:31:28 2016
> @@ -328,6 +328,14 @@ NoDecode option available in 2.3.12 and
>      completely ignored. In this case, the server will not even attempt
>      to read <code>.htaccess</code> files in the filesystem.</p>
>
> +    <note><title>AllowOverrideList bug in versions &lt;= 2.4.18</title>
> +    <p><directive module="core">AllowOverrideList</directive> will not 
> prevent
> +    .htaccess files processing when explicitly set with None in httpd 
> versions &lt;= 2.4.18 due to a
> +    <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58528";>bug</a>.
> +    Set only <directive module="core">AllowOverride</directive> to None as 
> workaround if
> +    you are unable to upgrade to httpd &gt; 2.4.18</p>
> +    </note>
> +
>      <p>When this directive is set to <code>All</code>, then any
>      directive which has the .htaccess <a
>      href="directive-dict.html#Context">Context</a> is allowed in
> @@ -520,6 +528,14 @@ AllowOverride AuthConfig Indexes
>      ignored.  In this case, the server will not even attempt to read
>      <code>.htaccess</code> files in the filesystem.</p>
>
> +    <note><title>AllowOverrideList bug in versions &lt;= 2.4.18</title>
> +    <p><directive module="core">AllowOverrideList</directive> will not 
> prevent
> +    .htaccess files processing when explicitly set with None in httpd 
> versions &lt;= 2.4.18 due to a
> +    <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58528";>bug</a>.
> +    Set only <directive module="core">AllowOverride</directive> to None as 
> workaround if
> +    you are unable to upgrade to httpd &gt; 2.4.18</p>
> +    </note>
> +
>      <p>Example:</p>
>
>      <highlight language="config">
>
>



-- 
Eric Covener
cove...@gmail.com

Reply via email to