On 8/31/2011 8:17 AM, Jeff Trawick wrote: > On Wed, Aug 31, 2011 at 6:22 AM, Paul Reilly <parei...@tcd.ie> wrote: >> Why is there no information about the recent header Rang DoS vulnerability >> in Apache on the Apache security page? >> >> http://httpd.apache.org/security/ >> >> I would have expected at least to see some mention of it, and possible >> work-arounds. > > Only vulnerabilities which are fixed in a release are listed there. > As 2.2.20 is now released, the corresponding 2.2 security page has > been updated.
Actually, all published vulnerabilities are supposed to be listed. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org