logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> News & Hangout View previous topic :: View next topic
Reply to topic   Topic: Apache 2.2.21 available for testing,
Author
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3049
Location: Hilversum, NL, EU

PostPosted: Sat 10 Sep '11 12:53    Post subject: Apache 2.2.21 available for testing, Reply with quote

Voting for 2.2.21 is at the moment at the ASF.

Download http://www.apachelounge.com/download/


Upgraded OpenSSL to 1.0.0e.


Changelog http://www.apachelounge.com/Changelog.html

Apache 2.2.21 has an improved fix for the Range header DoS vulnerability, see http://wiki.apache.org/httpd/CVE-2011-3192

There is also a new directive:

MaxRanges:
The MaxRanges directive limits the number of HTTP ranges the server is willing to return to the client. If more ranges then permitted are requested, the complete resource is returned instead.

It is included now in the shipped httpd.conf and is using the default of 200.


Steffen
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Sat 10 Sep '11 13:06    Post subject: Reply with quote

Does the OpenSSL 0.9 downgrade still work with this?
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3049
Location: Hilversum, NL, EU

PostPosted: Sat 10 Sep '11 13:10    Post subject: Reply with quote

When 2.2.21 is final I shall make a build with OpenSSL 0.9.8r.

Should work.

Steffen
Back to top
maskego



Joined: 16 Apr 2010
Posts: 238

PostPosted: Sun 11 Sep '11 0:52    Post subject: Reply with quote

When will the 2.2.21 stable release?
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Mon 12 Sep '11 0:41    Post subject: Reply with quote

This will be a 72 hour vote, which ends no later than Noon ET Monday

So what is that, about 1600 zulu?
Back to top


Reply to topic   Topic: Apache 2.2.21 available for testing, View previous topic :: View next topic
Post new topic   Forum Index -> News & Hangout