CVE-2016-8743 was patched/mitigated in Apache 2.4 but is still an outstanding issue in 2.2, according to https://security-tracker.debian.org/tracker/CVE-2016-8743.
Is there a plan to rebase it to 2.2? If so, do you know when? The reason I ask is PCI DSS requires that we have all vulnerabilities patched within 30 days, and it's been 2 weeks since 2.4 was patched. Thanks, Jim Allison | Technical Product Lead | 1-888-400-9185 ext 2214 SpeedLine Solutions Inc. the leader in innovative solutions for pizza and delivery point of sale www.speedlinesolutions.com Studies show trees live longer when they're not cut down. Please consider before printing. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
