https://bz.apache.org/bugzilla/show_bug.cgi?id=70099
Rich Bowen <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |NEW --- Comment #1 from Rich Bowen <[email protected]> --- Confirmed. The reporter is correct - the subtlety this note describes is a genuine security gotcha: an admin may believe AllowOverride Options=Indexes prevents .htaccess from affecting other options, when in fact absolute-syntax Options (without +/- prefixes) replaces the entire inherited set, implicitly disabling options like FollowSymLinks or ExecCGI. Working on a patch that rewrites the note as a warning with a concrete example. Will commit after I've tested the example a little better. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
