I'd like to calrify, my point I have binary DSO modules from 3rd party companies. I have several non-source Binary Apache versions from Sun, IBM, Stronghold and Oracle deployed. Mod_blowchunks has closed the door while I get updates from my vendors and test them with all the other software that Apache integrates with.
I might also add that I was on a tight schedule for another project. I would not have been able to meet my schedule commitments and install/deploy/test new Apache versions with my 3rd party DSO's. I will be upgrading ASAP. However, I find that I cannot migrate to Apache 2.0.x yet due to 3rd party dependencies. To make a long story short. We have to stay on Apache 1.3.x until we can migrate to BEA Weblogic 6.1 or 7.x, but to do so requires us to migrate our portal infrastructure from Weblogic Commerce Server 3.2 to Weblogic portal 4.0. Due to numerous API changes by BEA, this project turned into a re-coding of our portal. This project did not get funded this year. I decided to notify the list, because I can't imagine that I'm the only one with such constraints. BlowChunks.pl took a day to implement, test and deploy onto 15 systems. I implemented it as an include file so I can easily remove it. Now my company is not exposed to what Chunking attacks are looming and I can complete the current project and then begin the multiple week install/test/deploy cycle of the updated Apache(s) without being vunerable. So thanks again Cris! David ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
