subrequests. A bunch of cruft related to BUFF's support for translating response bodies was removed. [Jeff Trawick] *) Move the addition of the CORE filter to the post_read_request hook in http_core.c. This removes the need to add the filter in multiple places and allows for an SSL module to be added much simpler. [Ryan Bloom] *) Fix a security problem that affects certain configurations of mod_rewrite. If the result of a RewriteRule is a filename that contains expansion specifiers, especially regexp backreferences sh.. and %0..%9, then it may be possible for an attacker to access any file on the web server. [Tony Finch] *) Fix a bug where errors that are detected during early request parsing don't produce visible HTTP error messages at the browser, because the core_filter wasn't present. [Greg Ames] *) Provide apr_socklen_t as a portability aid. [Victor J. Orlikowski] *) Overhaul of dbmmanage to allow a groups arg (as in Apache 1.2) as well as a comment arg to the add, adduser and update cmds. update allows the user to clear or preserve pw/groups/comment. Fixed a bug in dbmmanage that prevented the check option from parsing a password followed by :group... text. Corrected the seed calcualation for Win32 systems, and added -lsdbm support. [William Rowe] *) Configured mod_auth_dbm to compile with sdbmlib under Win32. [William Rowe] *) Avoid a segfault when parsing .htaccess files. An uninitialized tree pointer was passed to ap_build_config(). [Jeff Trawick] *) Change the way that inet_addr & inet_network are checked for in APR's configure process to allow BeOS BONE to correctly find them. With this change BeOS BONE now builds from source with no problems. [David Reid] *) Fix a bug in apr_create_process() for Unix. The NULL signifying