There are two security fixes and one memory leak:
It also includes changes from the 2.4.42 - complete changelog is listed here: https://downloads.apache.org/httpd/CHANGES_2.4.43
Code:
*) SECURITY: CVE-2020-1934 (cve.mitre.org)
mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
server. [Eric Covener]
*) SECURITY: CVE-2020-1927 (cve.mitre.org)
rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable
matches and substitutions with encoded line break characters.
The fix for CVE-2019-10098 was not effective. [Ruediger Pluem]
*) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]
It also includes changes from the 2.4.42 - complete changelog is listed here: https://downloads.apache.org/httpd/CHANGES_2.4.43