| Author |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3201
Location: Hilversum, NL, EU
|
|
| Back to top |
|
Otomatic
Joined: 01 Sep 2011
Posts: 332
Location: Paris, France, EU
|
 Posted: Sat 06 Jun '26 16:08 Post subject: |
 |
|
Hi,
No problem. Thank you. |
|
| Back to top |
|
mrdj1024
Joined: 03 Apr 2023
Posts: 92
Location: Bridgeton,NJ,USA
|
| Posted: Sat 06 Jun '26 22:42 Post subject: |
|
|
| working just fine! |
|
| Back to top |
|
DnvrSysEngr
Joined: 15 Apr 2012
Posts: 229
Location: Denver, CO USA
|
| Posted: Sat 06 Jun '26 23:47 Post subject: |
|
|
For me, with my current setup, everything is working just fine.
Server Software: Apache/2.4.68 (Win64) OpenSSL/3.6.2 mod_qos/11.78 mod_fcgid/2.3.10-dev
SSL Version Interface: mod_ssl/2.4.68
SSL Version Library: OpenSSL/3.6.2
Server Protocol: HTTP/2.0
SSL Cipher: TLS_AES_256_GCM_SHA384
SSL Protocol: TLSv1.3
PHP Version: 8.6.0-dev |
|
| Back to top |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3201
Location: Hilversum, NL, EU
|
|
| Back to top |
|
Jan-E
Joined: 09 Mar 2012
Posts: 1301
Location: Amsterdam, NL, EU
|
| Posted: Tue 09 Jun '26 14:13 Post subject: |
|
|
| OpenSSL 3.6.3 has just been released. Time for another change. |
|
| Back to top |
|
admin
Site Admin
Joined: 15 Oct 2005
Posts: 755
|
| Posted: Tue 09 Jun '26 19:15 Post subject: |
|
|
Later, we always wait some time, to see if issues pop up. And need testing.
Vote has passed, no changes in the RC.
Thanks all for testing !!
Tomorrow or Thursday we release. |
|
| Back to top |
|
Stray78
Joined: 15 Apr 2024
Posts: 66
Location: USA
|
| Posted: Tue 09 Jun '26 22:00 Post subject: |
|
|
Antivirus throwing up warnings...
Desktop\httpd-2.4.68-rc1-Win64\Apache24\bin\luac.exe
Desktop\httpd-2.4.68-rc1-Win64\Apache24\bin\brotli.exe
Desktop\httpd-2.4.68-rc1-Win64\Apache24\bin\lua.exe
Desktop\httpd-2.4.68-rc1-Win64\Apache24\bin\xmlcatalog.exe
Desktop\httpd-2.4.68-rc1-Win64\Apache24\bin\xmlwf.exe
Never had this happen before with an apachelounge build. |
|
| Back to top |
|
tangent
Moderator
Joined: 16 Aug 2020
Posts: 454
Location: UK
|
| Posted: Tue 09 Jun '26 22:42 Post subject: |
|
|
Which AV product are you using?
On my Windows 11 platform, Microsoft Defender (1.453.11.0) finds no issues with the files in the 2.4.68-rc1 release candidate folder. Have just tried a manual scan to confirm. |
|
| Back to top |
|
axel.kam
Joined: 11 Jul 2023
Posts: 30
|
|
| Back to top |
|
Crafted
Joined: 04 Feb 2026
Posts: 23
|
| Posted: Wed 10 Jun '26 11:07 Post subject: |
|
|
this is concerning but even more concerning is that they released it knowing about this...
comparing both version affected dependencies seems it wasn't changed too much so I wonder why this is different, I don't think I gonna install this in my server. |
|
| Back to top |
|
muentzer
Joined: 01 May 2006
Posts: 6
|
| Posted: Wed 10 Jun '26 15:17 Post subject: |
|
|
| Quote: | | this is concerning but even more concerning is that they released it knowing about this... |
Did you even read the virustotal reports? 1 out of 71 security vendors flagged brotli.exe and lua.exe as malicious ... What did you expect Steffen to do? |
|
| Back to top |
|
tangent
Moderator
Joined: 16 Aug 2020
Posts: 454
Location: UK
|
| Posted: Wed 10 Jun '26 15:20 Post subject: |
|
|
Just to add, Apache Lounge builds are created using the latest available release of Microsoft Visual Studio 18.
The May releases of VS18 contain updated code optimizations, and optional changes to heap management in executables (Segment Heap) - https://learn.microsoft.com/en-us/visualstudio/releases/2026/release-notes. The Apache Lounge builds are not using this Segment Heap feature.
It's entirely possible that the newly compiled code is being interpreted as false positives by some AV products, that have yet to fine-tune their signatures for the revised Microsoft coding.
What's clear is the source code for the binaries mentioned above (lua, brotli, and libxml2), hasn't changed since the previous release of Apache Lounge httpd, so the only real difference is the compiler.
I don't consider these AV alerts a major cause for concern. |
|
| Back to top |
|
Stray78
Joined: 15 Apr 2024
Posts: 66
Location: USA
|
| Posted: Wed 10 Jun '26 22:03 Post subject: |
|
|
| tangent wrote: | Which AV product are you using?
On my Windows 11 platform, Microsoft Defender (1.453.11.0) finds no issues with the files in the 2.4.68-rc1 release candidate folder. Have just tried a manual scan to confirm. |
I had none of these trigger anti-virus on 2.4.67. Now on 2.4.68 all the ones listed above. This is with regular windows anti-virus.
This is:
Windows Server 2025 Datacenter
Version 24H2
Installed on 12/5/2024
OS build 26100.32522
Literally at 4 AM windows removed the whole .RAR file. |
|
| Back to top |
|
axel.kam
Joined: 11 Jul 2023
Posts: 30
|
| Posted: Thu 11 Jun '26 0:15 Post subject: |
|
|
| Stray78 wrote: | | I had none of these trigger anti-virus on 2.4.67. Now on 2.4.68 all the ones listed above. This is with regular windows anti-virus. |
Please try to update your definitions and scan files again.
Yesterday virustotal give two antivirus engine find virus, include Microsoft Defender. But now Defender at virustotal doesn't find viruses.
Think Microsoft already adapt Defender defenitions fof new VStudio builds. |
|
| Back to top |
|
Stray78
Joined: 15 Apr 2024
Posts: 66
Location: USA
|
| Posted: Thu 11 Jun '26 3:50 Post subject: |
|
|
| axel.kam wrote: | Please try to update your definitions and scan files again.
Yesterday virustotal give two antivirus engine find virus, include Microsoft Defender. But now Defender at virustotal doesn't find viruses.
Think Microsoft already adapt Defender defenitions fof new VStudio builds. |
Yeah no detections now. Strange lol.My definitions automatically updated at 4 AM it said. I ran it again & I downloaded without any detections. |
|
| Back to top |
|
