| ▲ | amiga386 2 days ago | |
If RewriteCond (or any other Apache directive) doesn't behave as documented, that's a correctness issue. If you use RewriteCond as the basis of securing your website, that's a security issue for you. If it's a security issue for a significant number of users, or if the documentation recommends using the directive for a security role, then it's also a security issue for the product itself. | ||
| ▲ | inopinatus 2 days ago | parent [-] | |
If upgrade/reframe that last point more strongly. Any configuration of software that is accepted by its own parser is in product scope. | ||