Le 01/06/2021 à 03:07, William A Rowe Jr a écrit :
Christophe, thanks for your energetic efforts to kick off the next release!
I looked for the post but couldn't find it, the community is confused.
Is this release pulled for regressions? It hasn't been communicated
well, but the release is sitting on every mirror, since 6 to 24 hours
after you placed it on dist.
Inquiring minds would like to know, you seem to confirm this release in
this specific post, so it appears that it has happened, even if adopting
it is unwise.
Hi,
2.4.48 is live now.
However, the mails sent on annouce@a.o and annouce@httpd.a.o seem to not
have reached their destination yet.
Maybe a moderation issue on the lists.
As you can see, there is also some security related fixes. There are
listed at [1].
I still need to figure out a few things with our new CVE management
mechanism. So our vulnerability listing ([2]) with some more details is
not updated yet. I hope to be able to update it in the coming days.
Most CVE fixed in this release are rated from moderate to low impact.
Only one, CVE-2021-31618 is rated as important and could be exploited
for some DoS.
Christophe JAILLET
[1]: https://downloads.apache.org/httpd/CHANGES_2.4.48
[2]: https://httpd.apache.org/security/vulnerabilities_24.html
