Hi folks, AFAIU apache2 2.4.56-1 has been included in Bullseye to mitigate CVE-2023-27522 and CVE-2023-25690 (both some mod_proxy issue with high severity). Good thing.
Unfortunately this introduced 2 regressions for mod_rewrite and http2, see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033284 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033408 https://metadata.ftp-master.debian.org/changelogs//main/a/apache2/apache2_2.4.56-2_changelog Would it be possible to fix the upgrade? I can turn off http2, but I feel *very* bad about running an apache with a broken mod_rewrite in production. Thank you very much Harri
