Hi, all; I'm not sure what mechanism is used to generate https://httpd.apache.org/security/vulnerabilities_24.html from https://svn.apache.org/repos/asf/httpd/site/trunk/content/security/vulnerabilities-httpd.xml, but an anomaly has been reported to me in response to the security announcements from last release.
For both CVE-2020-1934 and CVE-2020-1927, the source file says "Apache HTTP Server versions 2.4.0 to 2.4.41" in the description, but the rendered result is "Apache HTTP Server versions 2.4.0 to 2.41". If anyone has pointers on how the site build happens, I can look into it further. If it's too complicated a fix, I'm OK with removing that line from the description. The CVE reports must include the version vulnerability info in the description, but it's not really a requirement for the site (I was just keeping them consistent). -- Daniel Ruggeri
