apache2 (2.2.3-4+etch4) stable; urgency=low

  To avoid possible cross site scripting attacks with browsers that do not
  correctly derive the character set and content type according to RFC 2616,
  apache2 now explicitly sets these attributes for the directory indexes
  created by mod_autoindex and mod_proxy_ftp. The default charset used is
  iso-8559-1.

  If you use mod_autoindex and use UTF-8 as charset for your filenames, you
  should add Charset=UTF-8 to the IndexOptions directive in
  /etc/apache2/apache2.conf .

  If you use mod_proxy_ftp, you can adjust the default charset used for its
  directory indexes with the ProxyFtpDirCharset directive in
  /etc/apache2/mods-available/proxy.conf . You can also use ProxyFtpDirCharset
  inside <Proxy ...> </Proxy> blocks to set the charset for specific servers.

 -- Stefan Fritsch <sf@debian.org>  Sun, 27 Jan 2008 18:59:40 +0100

apache2 (2.2.3-4+etch1) unstable; urgency=low

  Note to
  - users of mod_disk_cache, and
  - users of mod_proxy who have upgraded from apache2 2.0.x (as in Debian
    "sarge" 3.1) to 2.2.3-4 (as in Debian "etch" 4.0r0). If you are directly
    upgrading from 2.0.x to 2.2.3-4+etch1 (Debian "etch" 4.0r1), or doing a 
    new installation, you are not affected.

  If mod_proxy was enabled at the time of the upgrade from 2.0.x to 2.2.3-4,
  mod_disk_cache was enabled and disk caching switched on. This could lead to
  the /var partition being filled up by the indefinitely growing disk cache.

  From version 2.2.3-4+etch1, disk caching is again switched off in the
  default configuration of mod_disk_cache, as it was in 2.0.x. If you had
  mod_proxy enabled during the upgrade from 2.0, you should check whether
  /var/cache/apache2/mod_disk_cache contains files that you don't want to be
  there.

  Users of mod_disk_cache should read the comments in
  /etc/apache2/mods-available/disk_cache.conf and check that their
  configuration is correct.

 -- Stefan Fritsch <sf@debian.org>  Wed, 13 Jun 2007 19:53:03 +0200

apache2 (2.2.3-4) stable; urgency=low

  Note to users upgrading from Debian 3.1 "sarge":
  
  Apache2 in Debian 4.0 "etch" is Apache 2.2.x, which has many changes from
  version 2.0.x in sarge. You will need to adjust your configuration to the
  new features and configuration syntax. For example:

  * There have been many changes related to authentication and authorization.
  * The startssl option has been removed and SSL is no longer defined. You
    might need to change some <IfDefine SSL> to <IfModule mod_ssl.c>.
  * The MSIE SSL workaround has been removed from
    /etc/apache2/mods-available/ssl.conf and needs to be added inside your SSL
    VirtualHost configuration section (see README.Debian).

  You also need to recompile any self-compiled modules.

  See the upgrading information at

    http://httpd.apache.org/docs/2.2/upgrading.html

  or, if you have apache2-doc installed and your apache is running, at

    http://localhost/manual/upgrading.html

 -- Stefan Fritsch <sf@debian.org>  Sun, 08 Jul 2007 22:07:05 +0200