Index: httpd-2.4.58/docs/manual/rewrite/flags.html.en
===================================================================
--- httpd-2.4.58.orig/docs/manual/rewrite/flags.html.en
+++ httpd-2.4.58/docs/manual/rewrite/flags.html.en
@@ -820,8 +820,25 @@ otherwise the MIME-type set with this fl
 re-processing (including subsequent rounds of mod_rewrite processing).
 The <code>L</code> flag can be useful in this context to end the
 <em>current</em> round of mod_rewrite processing.</p>
+</div>
 
-</div></div>
+<div class="section">
+    <h2><a name="flag_unsafe_allow_3f" id="flag_unsafe_allow_3f">UnsafeAllow3F</a></h2>
+    <p> Setting this flag is required to allow a rewrite to continue If the
+    HTTP request being written has an encoded question mark, '%3f', and the
+    rewritten result has a '?' in the substiution.  This protects from a malicious
+    URL taking advantage of a capture and re-substitution of the encoded
+    question mark.</p>
+</div>
+<div class="section" id="flag_unsafe_prefix_status">
+    <h2><a name="flag_unsafe_prefix_status" id="flag_unsafe_prefix_status">UnsafePrefixStat</a></h2>
+    <p> Setting this flag is required in server-scoped substitutions
+    start with a variable or backreference and resolve to a filesystem path.
+    These substitutions are not prefixed with the document root.
+    This protects from a malicious URL causing the expanded substitution to
+    map to an unexpected filesystem location.</p>
+    </div>
+</div>
 <div class="bottomlang">
 <p><span>Available Languages: </span><a href="../en/rewrite/flags.html" title="English">&nbsp;en&nbsp;</a> |
 <a href="../fr/rewrite/flags.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a></p>