diff --git a/apache2-default-server.conf b/apache2-default-server.conf index fc45e52..f327384 100644 --- a/apache2-default-server.conf +++ b/apache2-default-server.conf @@ -104,3 +104,5 @@ Include /etc/apache2/conf.d/*.conf # The manual... if it is installed ('?' means it won't complain) Include /etc/apache2/conf.d/apache2-manual?conf +# Disable TRACE command as it can be exploited for XSS attacks +TraceEnable off diff --git a/apache2.changes b/apache2.changes index 8724897..2fa9068 100644 --- a/apache2.changes +++ b/apache2.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Feb 27 16:51:58 CET 2009 - anicka@suse.cz + +- set TraceEnable off (bnc#301380) + ------------------------------------------------------------------- Wed Feb 25 16:59:27 CET 2009 - prusnak@suse.cz diff --git a/apache2.spec b/apache2.spec index 48c1d35..2e4ff53 100644 --- a/apache2.spec +++ b/apache2.spec @@ -63,7 +63,7 @@ License: The Apache Software License Group: Productivity/Networking/Web/Servers %define realver 2.2.11 Version: 2.2.11 -Release: 2 +Release: 3 #Source0: http://www.apache.org/dist/httpd-%{version}.tar.bz2 Source0: http://httpd.apache.org/dev/dist/httpd-%{realver}.tar.bz2 Source10: SUSE-NOTICE @@ -1045,6 +1045,8 @@ if ! test -f /.buildenv; then fi %changelog +* Fri Feb 27 2009 anicka@suse.cz +- set TraceEnable off (bnc#301380) * Wed Feb 25 2009 prusnak@suse.cz - moved Snakeoil certificates to separate subpackage example-certificates [bnc#419601]
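Review bot: The comment above the added `TraceEnable off` in apache2-default-server.conf names the risk as XSS, which undersells it: TRACE echoes the request back, so a script able to issue it can read headers it normally cannot see, such as HttpOnly cookies and `Authorization` (cross-site tracing). I would word it `# Disable TRACE: the echoed request exposes cookies and auth headers to scripts (cross-site tracing)`. Because the directive sits after both `Include` lines, it overrides any server-level `TraceEnable` from a conf.d drop-in, while a virtual host that sets its own value still takes precedence; a second comment line such as `# Placed after the includes on purpose; a vhost-level TraceEnable still overrides this` would record that for later audits. Whether already-installed systems receive the new line depends on how the spec marks this config file, which this diff does not show, so after upgrade it is worth confirming that a TRACE request is answered with 405.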