Re: [VOTE] Release Apache httpd 2.4.14 as GA

2015-06-11 Thread Noel Butler
On 12/06/2015 00:08, Jim Jagielski wrote: > I'm calling a VOTE on releasing these as Apache httpd 2.4.14 GA. > > [ ] +1: Good to go > [ ] +0: meh > [ ] -1: Danger Will Robinson. And why. -1 "The SSLCertificateChainFile directive () is deprecated, SSLCertificateFile should be used instead"

Re: httpd 2.4 and windows "hangs" and AcceptFilter solution

2015-06-11 Thread Andy Wang
On 06/11/2015 12:54 PM, William A Rowe Jr wrote: On Thu, Jun 11, 2015 at 11:09 AM, Andy Wang <aw...@ptc.com> wrote: On 06/11/2015 09:02 AM, William A Rowe Jr wrote: Sounds telling. Can you get your installer to stall without invoking httpd.exe - and then

Re: [VOTE] Release Apache httpd 2.4.14 as GA

2015-06-11 Thread William A Rowe Jr
This is corrected in SVN, see http://svn.apache.org/viewvc/httpd/httpd/trunk/server/request.c?view=log Unsure why this edit didn't carry on to the github mirror. On Thu, Jun 11, 2015 at 11:50 AM, Rainer Canavan <rainer.cana...@sevenval.com> wrote: > Hi, > > is the commit message incorrect or t

Re: httpd 2.4 and windows "hangs" and AcceptFilter solution

2015-06-11 Thread William A Rowe Jr
On Thu, Jun 11, 2015 at 11:09 AM, Andy Wang wrote: > > On 06/11/2015 09:02 AM, William A Rowe Jr wrote: > >> >> Sounds telling. Can you get your installer to stall without invoking >> httpd.exe - and then attempt to start httpd outside of the installer on >> the same machine? Something going on

Re: [VOTE] Release Apache httpd 2.4.14 as GA

2015-06-11 Thread Rainer Canavan
Hi, is the commit message incorrect or the CHANGES file concerning CVE-2015-3183? The commit message at https://github.com/apache/httpd/commit/cd2b7a26c776b0754fb98426a67804fd48118708 uses CVE-2015-3183 for the "Replacement of ap_some_auth_required", while the CHANGES uses it for "Remove apr_brig

Re: httpd 2.4 and windows "hangs" and AcceptFilter solution

2015-06-11 Thread Andy Wang
On 06/11/2015 09:02 AM, William A Rowe Jr wrote: Sounds telling. Can you get your installer to stall without invoking httpd.exe - and then attempt to start httpd outside of the installer on the same machine? Something going on within the installer may be interacting with the winsock stack.

Re: SNI Host: header mismatch

2015-06-11 Thread Stefan Eissing
Yes, it will work with the cert checks, not without. Sorry, if that was confusing. > On 11.06.2015 at 17:56, Yann Ylavic wrote: > > On Thu, Jun 11, 2015 at 4:33 PM, Stefan Eissing > wrote: >> Two things: >> >> 1. the minimal thing to fix the situation is to return 421 instead of 400. >>

Re: SNI Host: header mismatch

2015-06-11 Thread Yann Ylavic
On Thu, Jun 11, 2015 at 4:33 PM, Stefan Eissing wrote: > Two things: > > 1. the minimal thing to fix the situation is to return 421 instead of 400. H2 > clients will then open a new TLS connection for the request host. I don't > know if this breaks any HTTP/1 clients, however it should not. I t

Re: SNI Host: header mismatch

2015-06-11 Thread Stefan Eissing
Two things: 1. the minimal thing to fix the situation is to return 421 instead of 400. H2 clients will then open a new TLS connection for the request host. I don't know if this breaks any HTTP/1 clients, however it should not. 2. Given that we answer not matching combinations with 421, the admi

[VOTE] Release Apache httpd 2.4.14 as GA

2015-06-11 Thread Jim Jagielski
The pre-release test tarballs for Apache httpd 2.4.14 can be found at the usual place: http://httpd.apache.org/dev/dist/ I'm calling a VOTE on releasing these as Apache httpd 2.4.14 GA. [ ] +1: Good to go [ ] +0: meh [ ] -1: Danger Will Robinson. And why. Vote will last the normal 72 hr

Re: httpd 2.4 and windows "hangs" and AcceptFilter solution

2015-06-11 Thread William A Rowe Jr
On Thu, Jun 11, 2015 at 8:48 AM, Andy Wang wrote: > > Pleading windows ignorance here, but what kind of permissions problem? > Both processes are elevated to administrator via UAC (or with UAC disabled) > and literally as soon as you kill the parent java.exe process, it starts to > work. > Sound

Re: httpd 2.4 and windows "hangs" and AcceptFilter solution

2015-06-11 Thread Andy Wang
On 06/10/2015 09:46 PM, William A Rowe Jr wrote: On Wed, Jun 10, 2015 at 4:12 PM, Andy Wang <aw...@ptc.com> wrote: I can reproduce the first case with the installer, pretty much on demand using our installer stuff. I've tried reproducing it by ripping out the actions that do

Re: Notice: Intent to T&R 2.4.14 June 11 (Thurs)

2015-06-11 Thread Jim Jagielski
Thx! > On Jun 11, 2015, at 9:14 AM, Yann Ylavic wrote: > > Promoted in r1684879. > > On Thu, Jun 11, 2015 at 2:56 PM, Jim Jagielski wrote: >> It would be great to include: >> >>http://svn.apache.org/r1667386 >> >> in this. >> >>> On Jun 10, 2015, at 7:35 PM, Jim Jagielski wrote: >>>

Re: Roll 2.2.30 in conjunction with 2.4.14

2015-06-11 Thread Eric Covener
On Thu, Jun 11, 2015 at 9:08 AM William A Rowe Jr wrote: > But withholding a security fix for legacy server users? Sounds like a way > to earn distrust of the user community, not reassure them that 2.4.14 is > the best version available. > +1

Re: Notice: Intent to T&R 2.4.14 June 11 (Thurs)

2015-06-11 Thread Yann Ylavic
Promoted in r1684879. On Thu, Jun 11, 2015 at 2:56 PM, Jim Jagielski wrote: > It would be great to include: > > http://svn.apache.org/r1667386 > > in this. > >> On Jun 10, 2015, at 7:35 PM, Jim Jagielski wrote: >> >> Subj sez it all. >

Re: Roll 2.2.30 in conjunction with 2.4.14

2015-06-11 Thread William A Rowe Jr
I believe the opposite, that the announcement 2.4 contains enhancements, bug fixes, and security fixes, and 2.2 legacy containing security fixes will set user expectations. A later 2.2 announce muddies the waters when users ponder if it is 'current' and sufficient. We have language in both files

Re: Notice: Intent to T&R 2.4.14 June 11 (Thurs)

2015-06-11 Thread Jim Jagielski
It would be great to include: http://svn.apache.org/r1667386 in this. > On Jun 10, 2015, at 7:35 PM, Jim Jagielski wrote: > > Subj sez it all.

Bug 57641

2015-06-11 Thread Nick Gearls
Hi all, Can anybody have a look at this trivial bug waiting for months? The bug is obvious and the fix is a one line change. Thanks a lot

Roll 2.2.30 in conjunction with 2.4.14

2015-06-11 Thread Steffen
Not so happy to roll 2.2.30 in conjunction with 2.4.14. It does not stimulate pp to upgrade to 2.4, it suggests that the httpd-project gives 2.2 (legacy) the same priority as 2.4. Better first 2.4 and after some time 2.2. I do not agree with the argument to simplify the announcement. From: W