On 31 Aug 2011, at 21:07, Dirk-WIllem van Gulik wrote: >> http://people.apache.org/~dirkx/CVE-2011-3192.txt
Off to bed now. If there is consensus we are 'done' then a vote on either of these options would be of use 1 as above 2 as above but with complete reversal of the 1.3 situation - state it is totally not affected (i.e. when configure right). 3 as above - but with a large caveat that we're not yet happy with this - follow this wiki page and keep an eye out for the release notes of the next releases. Aiming at 1000Z tomorrow - as that gives folks in big companies a lot of planning room - and is not yet hitting the friday-thou-shall-not-break-things-before-the-weekend. Thanks, Dw.