I love CentOS, but I am seriously regretting selecting Centos 4.4 for my
production hosting servers. The current situation with CentOS 4.4 and being
stuck at Apache 2.0.52 is a huge problem because of the new requirements for
the Credit Card industry PCI scan. Apache 2.0.52 does not pass PCI
compliance scans. which means no ecommerce on any of these servers - MAJOR
ISSUE. So my question to the community is: when are new Apache RPM's going
to be released or at minimum a backported version that plugs these security
holes so we can pass PCI scans. Apache 2.0.52 has some major issues that
need to be dealt with?
Help us out here. I know I am not the only one in this situation. every
hosting company that uses Ensim Pro X is just where I am.
Any insight or better yet a solution to this would be great.
Are you actually using CentOS 4.4 or are you using a fully updated version
of CentOS 4.6? If you are fully updated, or simply download the latest
CentOS 4 httpd package and run "rpm -q --changelog httpd | less" for an
installed package or "rpm -qp --changelog /path/to/httpd/package | less"
for a downloaded, but not yet installed package, you can see all of the
changes, complete with which CVE issues have been addressed in each
package build.
Barry
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
