Apache 2.4.33 Security und Bugfix Release

Der Webserver, Apache, wurde vor ein paar Wochen aktualisiert und steht seither in Version 2.4.33 bereit.

Apache 2.4.33 Release Notes

  • core: Fix request timeout logging and possible crash for error_log hooks.
    [Yann Ylavic]
  • mod_slomem_shm: Fix failure to create balancers’s slotmems in Windows MPM, where children processes need to attach them instead since they are owned by the parent process already. [Yann Ylavic]
  • ab: try all destination socket addresses returned by apr_sockaddr_info_get instead of failing on first one when not available. Needed for instance if localhost resolves to both ::1 and 127.0.0.1 e.g. if both are in /etc/hosts. [Jan Kaluza]
  • ab: Use only one connection to determine working destination socket address. [Jan Kaluza]
  • ab: LibreSSL doesn’t have or require Windows applink.c. [Gregg L. Smith]
  • htpasswd/htdigest: Disable support for bcrypt on EBCDIC platforms. apr-util’s bcrypt implementation doesn’t tolerate EBCDIC. [Eric Covener]
  • htpasswd/htdbm: report the right limit when get_password() overflows. [Yann Ylavic]
  • htpasswd: Don’t fail in -v mode if password file is unwritable. PR 61631. [Joe Orton]
  • htpasswd: don’t point to (unused) stack memory on output to make static analysers happy. PR 60634. [Yann Ylavic, reported by shqking and Zhenwei Zou]

Quelle: http://www.apache.org/dist/httpd/CHANGES_2.4.33

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

This site uses Akismet to reduce spam. Learn how your comment data is processed.