This update for apache2 fixes the following issues:
Security issues fixed:
CVE-2018-11763: In Apache HTTP Server by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. (bsc#1109961)
Bug fixes:
consider also patterns in APACHECONFINCLUDE_DIRS as documentation
says (patch Juergen Gleiss)