* Fixed security bug that could allow attacker to execute arbitrary
commands as the apache user. [Digital Armaments, seregon at bughunter
dot net]
* Fixed bug that sometimes resulted in segfaults during periodic cache
cleanup. [Stefan Gaffga]
* Add AuthLDAPVersion option to specify which LDAP version to use on
LDAP server. [Hans Petter Selasky]
* Support ldaps:// urls automatically under OpenLDAP. No need to compile
with --with-ssl; this is just to enable SSL with the Netscape SDK.
[Andrew McAllister, Malcolm Locke]
* Fixed bug where auth_ldap didn't always rebind as the AuthLDAPBindDN
after doing an authorization. [Stephen Lombardo, Brent Putnam, Ace
Suares, Ted Cabeen, others].
* Fixed bug where we forgot to note a failed auth attempt which would
result in the browser never giving the user a second chance to enter a
password. [Thanks to many other people]
bd83b0eae2