Nick Kew wrote: > We spent some time fixing a bug on this. Bugzilla still has > http://issues.apache.org/bugzilla/show_bug.cgi?id=14206 > > Checking the records, I see in CHANGES for /trunk/ > > *) core: Do not allow internal redirects like the DirectoryIndex of > mod_dir to circumvent the symbolic link checks imposed by > FollowSymLinks and SymLinksIfOwnerMatch. [Nick Kew, Ruediger Pluem, > William Rowe] > > But it doesn't appear to be backported, nor is there a proposal > in STATUS. > > Does anyone recollect where we left this? Were there still > loose ends that would make a backport problematic?
Yes there were loose ends - thank you for pushing this back to the top of the stack. I disagreed that it's the entire/correct solution on the first inspection, and need to go back to reviewing it today. Thanks again for pointing this out! We look ready to roll apr tomorrow about noon, so this should be fixed in the next day or two before Jim gets to rolling a 2.2.4!!!
