Apache 1.3.35 Major changes
The main security vulnerabilities addressed in 1.3.35 are:
mod_imap: Escape untrusted referer header before outputting in HTML to avoid potential cross-site scripting. Change also made to ap_escape_html so we escape quotes. Reported by JPCERT
New features that relate to all platforms:
- core: Allow usage of the "Include" configuration directive within previously "Include"d files.
New features that relate to specific platforms:
The following bugs were found in Apache 1.3.34 (or earlier) and have been fixed in Apache 1.3.35:
- HTML-escape the Expect error message.
- mod_cgi: Remove block on OPTIONS method so that scripts can respond to OPTIONS directly rather than via server default
So, when it's available in cPanel?