Update to 2.3.9
- New upstream release 2.3.9
- SECURITY: Fix possible heap buffer overwrite (CVE-2013-4365)
- Add experimental cmake-based build system for Windows
- Correctly parse quotation and escaped spaces in FcgidWrapper and the AAA
Authenticator/Authorizor/Access directives' command line argument, as
currently documented (PR#51194)
- Honor quoted FcgidCmdOptions arguments (notably for InitialEnv
assignments) (PR#51657)
- Conform script response parsing with mod_cgid and ensure no response body
is sent when ap_meets_conditions() determines that request conditions are
met
- Improve logging in access control hook functions
- Avoid making internal sub-requests and processing Location headers when in
FCGI_AUTHORIZER mode, as the auth hook functions already treat Location
headers returned by scripts as an error since redirections are not
meaningful in this mode
- Revert fix for PR#53693, added in 2.3.8 but undocumented
- Fix issues with a minor optimization added in 2.3.8