Apache 2.4.28

wattie

Verified User
Joined
May 31, 2008
Messages
1,234
Location
Bulgaria
http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/<CACsi253RDMjgzixy_qxJEcse9usBicendZ+pXxsQ=innRJXnmQ@mail.gmail.com>

This release of Apache is
a security, feature, and bug fix release.

o SECURITY: CVE-2017-9798 (cve.mitre.org)
Corrupted or freed memory access. <Limit[Except] > or the
RegisterHttpMethod directive must be given in the startup
configuration (httpd.conf) to register non-standard HTTP methods
before listing them in an .htaccess files.

And for the Apache 2.2 users:

Please note that while the Apache HTTP Server Project may publish some
security patches to the 2.2.x flavor through at least December of 2017,
no further maintenance patches of 2.2.x will be considered and no further
releases will be distributed. The 2.2.x branch has now reached the end of
its maintenance, and users are strongly encouraged to promptly complete
their transitions to this 2.4.x flavor of httpd to benefit from security
and bug fixes, as well as new features.
 
Back
Top