On 04/01/2016 03:48 PM, Eric Covener wrote: > I am -0.9 on this info in the manual, for a relatively low severity bug.
+1. We don't do this kind of stuff in the documentation. This is what CHANGES and Bugzilla are for. Regards Rüdiger > > On Fri, Apr 1, 2016 at 9:31 AM, <elu...@apache.org> wrote: >> Author: elukey >> Date: Fri Apr 1 13:31:28 2016 >> New Revision: 1737382 >> >> URL: http://svn.apache.org/viewvc?rev=1737382&view=rev >> Log: >> Added warning for AllowOverrideList None in the mod-core doc (PR 58528) >> >> Modified: >> httpd/httpd/trunk/docs/manual/mod/core.xml >> >> Modified: httpd/httpd/trunk/docs/manual/mod/core.xml >> URL: >> http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.xml?rev=1737382&r1=1737381&r2=1737382&view=diff >> ============================================================================== >> --- httpd/httpd/trunk/docs/manual/mod/core.xml (original) >> +++ httpd/httpd/trunk/docs/manual/mod/core.xml Fri Apr 1 13:31:28 2016 >> @@ -328,6 +328,14 @@ NoDecode option available in 2.3.12 and >> completely ignored. In this case, the server will not even attempt >> to read <code>.htaccess</code> files in the filesystem.</p> >> >> + <note><title>AllowOverrideList bug in versions <= 2.4.18</title> >> + <p><directive module="core">AllowOverrideList</directive> will not >> prevent >> + .htaccess files processing when explicitly set with None in httpd >> versions <= 2.4.18 due to a >> + <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58528">bug</a>. >> + Set only <directive module="core">AllowOverride</directive> to None as >> workaround if >> + you are unable to upgrade to httpd > 2.4.18</p> >> + </note> >> + >> <p>When this directive is set to <code>All</code>, then any >> directive which has the .htaccess <a >> href="directive-dict.html#Context">Context</a> is allowed in >> @@ -520,6 +528,14 @@ AllowOverride AuthConfig Indexes >> ignored. In this case, the server will not even attempt to read >> <code>.htaccess</code> files in the filesystem.</p> >> >> + <note><title>AllowOverrideList bug in versions <= 2.4.18</title> >> + <p><directive module="core">AllowOverrideList</directive> will not >> prevent >> + .htaccess files processing when explicitly set with None in httpd >> versions <= 2.4.18 due to a >> + <a href="https://bz.apache.org/bugzilla/show_bug.cgi?id=58528">bug</a>. >> + Set only <directive module="core">AllowOverride</directive> to None as >> workaround if >> + you are unable to upgrade to httpd > 2.4.18</p> >> + </note> >> + >> <p>Example:</p> >> >> <highlight language="config"> >> >> > > >