"Tim" <[EMAIL PROTECTED]> wrote :
> what a shame that the apache sysadmin is too lazy to update
I think that's kind of uncalled-for.
Points :
1) I expect Brian Behlendorf (sp?) is at the ApacheCon conference, has been
preparing for it, and/or is on his way back.
Either way, he'll have been a mite busy just lately.
2) As Lewis Bergman explained just now :
"Do you run scripts which are subject to the cross site scripting
addressed in
one of the latest CERT's. 1.3.12 addresses this problem."
The main point of 1.3.12 is to address those security problems; if a
website doesn't have any dynamic content, and hasn't hit any of the other
(mostly minor ?) bugs fixed in 1.3.12, then there's no *need* to upgrade.
What's your purpose ?
Nick
Systems Team, EDS Healthcare, Bristol, UK
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
