Apache has issued an advisory today (October 12):
The issue is fixed upstream in 3.1.2 and 3.2.0.
Mageia 8 is also affected.
Fixed upstream in 3.1.2Whiteboard:
No registered maintainer, unfortunately
The updated package fixes a security vulnerability:
Privilege escalation that allows an attacker to add or remove data in any database or make configuration changes. (CVE-2021-38295)
Updated package in core/updates_testing:
Fixed upstream in 3.1.2 =>