logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in  RSS Apache Lounge  


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.



Post new topic   Forum Index -> News & Hangout View previous topic :: View next topic
Reply to topic   Topic: Apache httpd 2.4.41 GA Available
Author
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2755
Location: Hilversum, NL, EU

PostPosted: Tue 13 Aug '19 10:50    Post subject: Apache httpd 2.4.41 GA Available Reply with quote

Apache httpd 2.4.41 is released as GA.

ASF and Apachelounge changes : www.apachelounge.com/Changelog-2.4.html

Attention for mod_md new features and changes listed at 2.4.40 in the change log (2.4.40 was not released).

Be sure you have at least installed the C++ Redistributable 14.22.27821.0

Documentation: http://httpd.apache.org/docs/2.4/

Build with dependencies:

- VS16/VC15 openssl 1.1.1c, VC14 1.0.2s
- nghttp2 1.39.1
- jansson 2.12
- curl 7.65.3
- apr 1.7.0
- apr-util 1.6.1
- apr-iconv 1.2.2
- zlib 1.2.11
- brotli 1.0.7
- pcre 8.43
- libxml2 2.9.9
- lua 5.2.4
- expat 2.2.7

Why we have a VS16 now
Maybe you noticed that we call Visual Studio C++ 2019 VS16 instead of VC16. In consultation with the PHP team we both now going to use VS16. VS16 is the version number of Visual Studio 2019.

The reason is, that VC15 is already a fictional identity, as the real VC++ version is 14.1, as you know. The new default one is now 14.2 still, not 16. Also, the version numbers move a lot faster now that in versions before VS2015. Thus, it turns out better to refer to the Visual Studio version and it's default toolset, than trying to catch up with the VC++ version which became unpredictable. Back in time, we've started to build with a preview of VS2017, which was indeed VC15, but after the GA release the version has been changed to 14.1, where we didn't catch up.

One Redistributable for VC14, VC15 and VS16
For VC14, VC15 and VS16 there is now only one Redistributable, called Microsoft Visual C++ Redistributable for Visual Studio 2015, 2017 and 2019

When you have already installed the VC14 and/or VC15 Redistributable. Then after install of the new, the Redistributable VC14/15 is updated from 14.0x.xx/14.1x.xx to the new one 14.2x.xx , it is called Microsoft Visual C++ 2015-2019 Redistributable and you can still use VC15/14.

Note from Microsoft: Visual C++ 2015, 2017 and 2019 all share the same redistributable files.
For example, installing the Visual C++ 2015-2019 Redistributable will affect programs built with Visual C++ 2015 and 2017 also. However, installing the Visual C++ 2015 Redistributable will not replace the newer versions of the files installed by the Visual C++ 2015-2019 Redistributable.

This is different from all previous Visual C++ versions, as they each had their own distinct runtime files, not shared with other versions.

VS16, VC14 and VC15 are backward compatible.
VS16 is backward compatible to VC15/14 and VC15 backward to VC14. That means for example, a VC15/14 module can be used inside a VS16 binary (for example PHP VC15/14 as module).



When you have hangs, slow traffic and/or when having in your log entries like Asynchronous AcceptEx failed. You can try the following settings:

AcceptFilter http none
AcceptFilter https none
EnableSendfile off
EnableMMAP off

Enjoy,

Steffen
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2755
Location: Hilversum, NL, EU

PostPosted: Thu 15 Aug '19 9:51    Post subject: Reply with quote

The ASF has disclosed the security vulnerabilities fixed in 2.4.41.

Added now to 2.4.41 in www.apachelounge.com/Changelog-2.4.html

See also http://httpd.apache.org/security/vulnerabilities_24.html
Back to top
PipoDeClown



Joined: 20 Dec 2005
Posts: 77

PostPosted: Wed 04 Sep '19 10:54    Post subject: nghttp2 Reply with quote

A new nghttp2 has been released with countermeasures against some dos vulnerabilities.

https://github.com/nghttp2/nghttp2/releases
https://www.nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/
https://thehackernews.com/2019/08/http2-dos-vulnerability.html

Any chance this lib will be updated in your dist soon?
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2755
Location: Hilversum, NL, EU

PostPosted: Wed 04 Sep '19 11:04    Post subject: Reply with quote

Nope, no need to update.

There is a note at https://www.nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/ :

libnghttp2 itself is not affected by vulnerabilities reported above.


The fixes are for the applications nghttpd and nghttpx, we only use the lib (source /lib folder and not the application source in the /src folder). So the lib has no changes only a new option. The new option in the lib is not used at the moment by Apache.
Back to top
long76



Joined: 28 Oct 2017
Posts: 6

PostPosted: Sat 14 Sep '19 9:46    Post subject: Reply with quote

openssl 1.1.1d, 1.0.2t released
Back to top
admin
Site Admin


Joined: 15 Oct 2005
Posts: 595

PostPosted: Sat 14 Sep '19 11:11    Post subject: Reply with quote

Issues fixed by these releases is rated as LOW, then we do not upgrade.

And we doubt that users are dealing with this issues. But When you are desperate that you are dealing with these issues, please let us know.

See also https://www.apachelounge.com/viewtopic.php?t=8354
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2755
Location: Hilversum, NL, EU

PostPosted: Sun 29 Sep '19 11:03    Post subject: Reply with quote

Update available for Microsoft Visual C++ Redistributable for Visual Studio 2015-2019.

See VS16/VC14/VC15 download pages.

Now the version is 14.23.27820.0
Back to top


Reply to topic   Topic: Apache httpd 2.4.41 GA Available View previous topic :: View next topic
Post new topic   Forum Index -> News & Hangout