Keep Server Online|
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Apache Lounge is not sponsored.
Your donations will help to keep this site alive and well, and continuing building binaries.
Joined: 15 Oct 2005
Location: Hilversum, NL, EU
|Posted: Wed 28 Jan '15 23:08 Post subject: Apache httpd 2.4.12 available :: Updated OpenSSL
|Apache 2.4.12 GA is now available here at the download pages, see ASF announcement below.
For the ASF and Apachelounge changes,
9 July 2015
*) VC14 Upgraded OpenSSL to 1.0.2d from 1.0.2a see www.openssl.org/news/
*) VC10/11 are updated with OpenSSL 1.0.1p when 2.4.16 is available
31 May 2015:
*) VC14 build available
20 March 2015:
*) Upgraded OpenSSL to 1.0.1m from 1.0.1l see www.openssl.org/news/
*) Upgraded OpenSSL to 0.9.8zf from 1.9.8ze, see www.openssl.org/news/
VC11 and VC14 versions do not run with XP and 2003, use the VC10 version.
Documentation: http://httpd.apache.org/docs/2.4/ attention there when you want to Upgrade to 2.4 from 2.2
When you have hangs, slow traffic and/or when having in your log entries like Asynchronous AcceptEx failed. You can try the following settings:
AcceptFilter http none
AcceptFilter https none
------------------------ ASF Announcement ---------------------
Apache HTTP Server 2.4.12 Released
The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.4.12 of the Apache HTTP Server ("Apache"). This version of Apache is our latest GA release of the new generation 2.4.x branch of Apache HTTPD and represents fifteen years of innovation by the project, and is recommended over all previous releases. This release of Apache is principally a security, feature and bug fix release. NOTE: there was no release of 2.4.11.
•CVE-2014-3583 mod_proxy_fcgi: Fix a potential crash due to buffer over-read, with response headers' size above 8K.
•CVE-2014-3581 mod_cache: Avoid a crash when Content-Type has an empty value. PR 56924.
•CVE-2014-8109 mod_lua: Fix handling of the Require line when a LuaAuthzProvider is used in multiple Require directives with different arguments. PR57204.
•CVE-2013-5704 core: HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. Adds "MergeTrailers" directive to restore legacy behavior.
Also in this release are some exciting new features including:
•Proxy FGI and websockets improvements
•Proxy capability via handler
•Finer control over scoping of RewriteRules
•Unix Domain Socket (UDS) support for mod_proxy backends.
•Support for larger shared memory sizes for mod_socache_shmcb
•mod_lua and mod_ssl enhancements
•Support named groups and backreferences within the LocationMatch, DirectoryMatch, FilesMatch and ProxyMatch directives.
We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade.
Last edited by Steffen on Sat 21 Mar '15 11:50; edited 1 time in total