logo
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Register Log in  RSS Apache Lounge
 


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.




Apache httpd 2.4.34 GA available :: Updated

 
Post new topic   Reply to topic    Apache Forum Index -> News & Hangout



View previous topic :: View next topic  
Author Message
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2662
Location: Hilversum, NL, EU

PostPosted: Sat 14 Jul '18 10:43    Post subject: Apache httpd 2.4.34 GA available :: Updated Reply with quote

Apache httpd 2.4.34 is released as GA.

15 August 2018: Update OpenSSL, see changelog

ASF and Apachelounge changes :

www.apachelounge.com/Changelog-2.4.html

Build with dependencies:

- VC15 openssl 1.1.0i, VC11/14 openssl 1.0.2o
- nghttp2 1.32.0
- jansson 2.11
- curl 7.61.0
- apr 1.6.3
- apr-util 1.6.1
- apr-iconv 1.2.2
- zlib 1.2.11
- brotli lib 1.0.5
- pcre 8.42
- libxml2 2.9.8
- lua 5.2.4
- expat 2.2.5

VC15 notes:
VC15 is backward compatible to VC14. That means, a VC14 module can be used inside a VC15 binary (for example PHP VC14 as module). Because this compatibility the version number of the Redistributable is 14.1x.xx and after you install, the Redistributable VS2015 is updated from 14.0x.xx to VS2017 14.1x.xx (you can still use VC14).

Documentation: http://httpd.apache.org/docs/2.4/

When you have hangs, slow traffic and/or when having in your log entries like Asynchronous AcceptEx failed. You can try the following settings:

AcceptFilter http none
AcceptFilter https none
EnableSendfile off
EnableMMAP off

Enjoy,

Steffen


Last edited by Steffen on Wed 15 Aug '18 12:14; edited 2 times in total
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2662
Location: Hilversum, NL, EU

PostPosted: Wed 18 Jul '18 14:02    Post subject: Reply with quote

The ASF forgot tho mention security vulnerabilities fixed in 2.4.34.

Added now to www.apachelounge.com/Changelog-2.4.html :

*) SECURITY: CVE-2018-8011 (cve.mitre.org)
mod_md: DoS via Coredumps on specially crafted requests

*) SECURITY: CVE-2018-1333 (cve.mitre.org)
mod_http2: DoS for HTTP/2 connections by specially crafted requests

See also http://httpd.apache.org/security/vulnerabilities_24.html
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2662
Location: Hilversum, NL, EU

PostPosted: Wed 15 Aug '18 12:13    Post subject: Reply with quote

Update to latest OpenSSL, see changelog entry 15 August 2018 www.apachelounge.com/Changelog-2.4.html

VC14 and VC11 follows

Also:

New version 14.15.26706.0 Microsoft Visual C++ Redistributable for Visual Studio 2017

To update use the link on the VC15 download page.
Back to top


Post new topic   Reply to topic    Apache Forum Index -> News & Hangout
Page 1 of 1