#9842: httpd-2.4.28
-------------------------+-----------------------
Reporter: bdubbs@… | Owner: bdubbs@…
Type: enhancement | Status: assigned
Priority: normal | Milestone: 8.2
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------+-----------------------
Comment (by bdubbs@…):
Changelog Apache 2.4
03-October-2017 Changes with Apache 2.4.28
{{{
Apache Lounge changes:
*) Upgraded nghttp2 to 1.26.0 from 1.24.0.1 (Changelog)
*) Upgraded brotli lib to 1.0.1 from master 1.0.0 (30-06-2017)
(Changelog)
*) Updgraded libxml2 to 2.9.5 from 2.9.4 (Changelog)
*) Upgraded expat to 2.2.4 from 2.2.1 (Changelog)
ASF changes:
*) SECURITY: CVE-2017-9798 (cve.mitre.org)
Corrupted or freed memory access. must now be used in the
main configuration file (httpd.conf) to register HTTP methods before
the
.htaccess files. [Yann Ylavic]
*) event: Avoid possible blocking in the listener thread when shutting
down
connections. PR 60956. [Yann Ylavic]
*) mod_speling: Don't embed referer data in a link in error page.
PR 38923 [Nick Kew]
*) htdigest: prevent a buffer overflow when a string exceeds the allowed
max
length in a password file.
[Luca Toscano, Hanno Böck ]
*) mod_proxy: loadfactor parameter can now be a decimal number (eg:
1.25).
[Jim Jagielski]
*) mod_proxy_wstunnel: Allow upgrade to any protocol dynamically.
PR 61142.
*) mod_watchdog/mod_proxy_hcheck: Time intervals can now be spefified
down to the millisecond. Supports 'mi' (minute), 'ms' (millisecond),
's' (second) and 'hr' (hour!) time suffixes. [Jim Jagielski]
*) mod_http2: Fix for stalling when more than 32KB are written to a
suspended stream. [Stefan Eissing]
*) build: allow configuration without APR sources. [Jacob Champion]
*) mod_ssl, ab: Fix compatibility with LibreSSL. PR 61184.
[Bernard Spil , Michael Schlenker ,
Yann Ylavic]
*) core/log: Support use of optional "tag" in syslog entries.
PR 60525. [Ben Rubson , Jim Jagielski]
*) mod_proxy: Fix ProxyAddHeaders merging. [Joe Orton]
*) core: Disallow multiple Listen on the same IP:port when listener
buckets
are configured (ListenCoresBucketsRatio > 0), consistently with the
single
bucket case (default), thus avoiding the leak of the corresponding
socket
descriptors on graceful restart. [Yann Ylavic]
*) event: Avoid listener periodic wake ups by using the pollset wake-
ability
when available. PR 57399. [Yann Ylavic, Luca Toscano]
*) mod_proxy_wstunnel: Fix detection of unresponded request which could
have
led to spurious HTTP 502 error messages sent on upgrade connections.
PR 61283. [Yann Ylavic]
}}}
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/9842#comment:2>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
