On Sunday, 6 November 2016 09:27:18 CET John Gates wrote: > I have a server that needs to stay PCIDSS compliant and it is complaining > that apache 2.4.10 is running... When is an update going to be > available... Do I have to compile my own Apache version? Seems odd that > stability is favored over security... Please advise.
Debian back-ports individual security fixes, not complete new upstream versions. See https://www.debian.org/security/faq#oldversion An overview over the security issues that have been fixed in apache2 is available via https://security-tracker.debian.org/tracker/source-package/apache2