httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject svn commit: r704583 - in /httpd/site/trunk: dist/Announcement2.2.html dist/Announcement2.2.txt xdocs/download.xml xdocs/index.xml
Date Tue, 14 Oct 2008 17:19:08 GMT
Author: jim
Date: Tue Oct 14 10:19:08 2008
New Revision: 704583

URL: http://svn.apache.org/viewvc?rev=704583&view=rev
Log:
Change for 2.2.10

Modified:
    httpd/site/trunk/dist/Announcement2.2.html
    httpd/site/trunk/dist/Announcement2.2.txt
    httpd/site/trunk/xdocs/download.xml
    httpd/site/trunk/xdocs/index.xml

Modified: httpd/site/trunk/dist/Announcement2.2.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/dist/Announcement2.2.html?rev=704583&r1=704582&r2=704583&view=diff
==============================================================================
--- httpd/site/trunk/dist/Announcement2.2.html (original)
+++ httpd/site/trunk/dist/Announcement2.2.html Tue Oct 14 10:19:08 2008
@@ -14,10 +14,10 @@
 >
 <img src="../../images/apache_sub.gif" alt="">
 
-<h1>Apache HTTP Server 2.2.9 Released</h1>
+<h1>Apache HTTP Server 2.2.10 Released</h1>
 
 <p>The Apache Software Foundation and the Apache HTTP Server Project are
-pleased to announce the release of version 2.2.9 of the Apache HTTP Server
+pleased to announce the release of version 2.2.10 of the Apache HTTP Server
 ("Apache").</p>
 
 <p>This version of Apache is principally a bug and security fix release.
@@ -26,17 +26,10 @@
 
 <ul>
 <li><a
- href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364">CVE-2008-2364:</a>
- mod_proxy_http: Better handling of excessive interim responses
- from origin server to prevent potential denial of service and high
- memory usage. Reported by Ryujiro Shibuya.
-</li>
-
-<li><a
- href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420">CVE-2007-6420:</a>
- mod_proxy_balancer: Prevent CSRF attacks against the balancer-manager
- interface. 
-</li>
+ href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939">CVE-2008-2939:</a>
+ mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
+ the FTP URL. Discovered by Marc Bevand of Rapid7.
+ </li>
 
 </ul>
 
@@ -45,7 +38,7 @@
 encourage users of all prior versions to upgrade.
 </p>
 
-<p>Apache HTTP Server 2.2.9 is available for download from:</p>
+<p>Apache HTTP Server 2.2.10 is available for download from:</p>
 <dl>
   <dd><a href="http://httpd.apache.org/download.cgi"
               >http://httpd.apache.org/download.cgi</a></dd>
@@ -64,10 +57,10 @@
 
 <p>
 Please see the CHANGES_2.2 file, linked from the download page, for a
-full list of changes.  A condensed list, CHANGES_2.2.9 provides the
-complete list of changes since 2.2.8.
+full list of changes.  A condensed list, CHANGES_2.2.10 provides the
+complete list of changes since 2.2.9.
 A summary of security vulnerabilities
-which were  addressed in the previous 2.2.8 and earlier releases is available:
+which were  addressed in the previous 2.2.9 and earlier releases is available:
 <dl>
   <dd><a href="http://httpd.apache.org/security/vulnerabilities_22.html"
               >http://httpd.apache.org/security/vulnerabilities_22.html</a>

Modified: httpd/site/trunk/dist/Announcement2.2.txt
URL: http://svn.apache.org/viewvc/httpd/site/trunk/dist/Announcement2.2.txt?rev=704583&r1=704582&r2=704583&view=diff
==============================================================================
--- httpd/site/trunk/dist/Announcement2.2.txt (original)
+++ httpd/site/trunk/dist/Announcement2.2.txt Tue Oct 14 10:19:08 2008
@@ -1,24 +1,18 @@
-                       Apache HTTP Server 2.2.9 Released
+                       Apache HTTP Server 2.2.10 Released
 
    The Apache Software Foundation and the Apache HTTP Server Project are
-   pleased to announce the release of version 2.2.9 of the Apache HTTP Server
+   pleased to announce the release of version 2.2.10 of the Apache HTTP Server
    ("Apache").  This version of Apache is principally a bug and security fix
    release. The following potential security flaws are addressed:
 
-     * CVE-2008-2364 (cve.mitre.org)
-       mod_proxy_http: Better handling of excessive interim responses
-       from origin server to prevent potential denial of service and high
-       memory usage. Reported by Ryujiro Shibuya.
-
-     * CVE-2007-6420 (cve.mitre.org)
-       mod_proxy_balancer: Prevent CSRF attacks against the balancer-manager
-       interface.
-
+     * CVE-2008-2939 (cve.mitre.org)
+       mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
+       the FTP URL. Discovered by Marc Bevand of Rapid7.
 
    We consider this release to be the best version of Apache available, and
    encourage users of all prior versions to upgrade.
 
-   Apache HTTP Server 2.2.9 is available for download from:
+   Apache HTTP Server 2.2.10 is available for download from:
 
      http://httpd.apache.org/download.cgi
 
@@ -29,9 +23,9 @@
      http://httpd.apache.org/docs/2.2/new_features_2_2.html
 
    Please see the CHANGES_2.2 file, linked from the download page, for a
-   full list of changes.  A condensed list, CHANGES_2.2.9 provides the
-   complete list of changes since 2.2.8. A summary of security vulnerabilities
-   which were addressed in the previous 2.2.8 and earlier releases is available:
+   full list of changes.  A condensed list, CHANGES_2.2.10 provides the
+   complete list of changes since 2.2.9. A summary of security vulnerabilities
+   which were addressed in the previous 2.2.9 and earlier releases is available:
    
      http://httpd.apache.org/security/vulnerabilities_22.html
 

Modified: httpd/site/trunk/xdocs/download.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/download.xml?rev=704583&r1=704582&r2=704583&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/download.xml (original)
+++ httpd/site/trunk/xdocs/download.xml Tue Oct 14 10:19:08 2008
@@ -52,11 +52,11 @@
 
 </section>
 
-<section id="apache22" date="2008-06-13"><title>Apache HTTP Server 2.2.9 
+<section id="apache22" date="2008-06-13"><title>Apache HTTP Server 2.2.10 
 is the best available version</title>
 
 <p>The Apache HTTP Server Project is pleased to announce the release of Apache
-HTTP Server, version 2.2.9.  This release represents ten years of innovation
+HTTP Server, version 2.2.10.  This release represents ten years of innovation
 by the project, and is recommended over all previous releases!  In particular,
 this release fixes a few potential security vulnerabilites.</p>
 
@@ -64,7 +64,7 @@
    href="http://www.apache.org/dist/httpd/Announcement2.2.html">Official
    Announcement</a> and the <a
    href="[preferred]/httpd/CHANGES_2.2">CHANGES_2.2</a> and
-   <a href="[preferred]/httpd/CHANGES_2.2.9">CHANGES_2.2.9</a> lists</p>
+   <a href="[preferred]/httpd/CHANGES_2.2.10">CHANGES_2.2.10</a> lists</p>
 
 <p>Add-in modules for Apache 1.3 or 2.0 are not compatible with Apache 2.2.
    If you are running third party add-in modules, you must obtain modules
@@ -75,36 +75,36 @@
 <ul>
 
 <li>Unix Source: 
-<a href="[preferred]/httpd/httpd-2.2.9.tar.gz">httpd-2.2.9.tar.gz</a> 
-[<a href="http://www.apache.org/dist/httpd/httpd-2.2.9.tar.gz.asc">PGP</a>]
-[<a href="http://www.apache.org/dist/httpd/httpd-2.2.9.tar.gz.md5">MD5</a>]
+<a href="[preferred]/httpd/httpd-2.2.10.tar.gz">httpd-2.2.10.tar.gz</a> 
+[<a href="http://www.apache.org/dist/httpd/httpd-2.2.10.tar.gz.asc">PGP</a>]
+[<a href="http://www.apache.org/dist/httpd/httpd-2.2.10.tar.gz.md5">MD5</a>]
 </li>
 
 <li>Unix Source: 
-<a href="[preferred]/httpd/httpd-2.2.9.tar.bz2">httpd-2.2.9.tar.bz2</a> 
-[<a href="http://www.apache.org/dist/httpd/httpd-2.2.9.tar.bz2.asc">PGP</a>]
-[<a href="http://www.apache.org/dist/httpd/httpd-2.2.9.tar.bz2.md5">MD5</a>]
+<a href="[preferred]/httpd/httpd-2.2.10.tar.bz2">httpd-2.2.10.tar.bz2</a> 
+[<a href="http://www.apache.org/dist/httpd/httpd-2.2.10.tar.bz2.asc">PGP</a>]
+[<a href="http://www.apache.org/dist/httpd/httpd-2.2.10.tar.bz2.md5">MD5</a>]
 </li>
 
 <li>Win32 Source: 
-<a href="[preferred]/httpd/httpd-2.2.9-win32-src.zip"
-  >httpd-2.2.9-win32-src.zip</a> 
-[<a href="http://www.apache.org/dist/httpd/httpd-2.2.9-win32-src.zip.asc">PGP</a>]
-[<a href="http://www.apache.org/dist/httpd/httpd-2.2.9-win32-src.zip.md5">MD5</a>]
+<a href="[preferred]/httpd/httpd-2.2.10-win32-src.zip"
+  >httpd-2.2.10-win32-src.zip</a> 
+[<a href="http://www.apache.org/dist/httpd/httpd-2.2.10-win32-src.zip.asc">PGP</a>]
+[<a href="http://www.apache.org/dist/httpd/httpd-2.2.10-win32-src.zip.md5">MD5</a>]
 </li>
 
 <li>Win32 Binary without crypto (no mod_ssl) (MSI Installer): 
-<a href="[preferred]/httpd/binaries/win32/apache_2.2.9-win32-x86-no_ssl-r2.msi"
-  >apache_2.2.9-win32-x86-no_ssl-r2.msi</a>
-[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.2.9-win32-x86-no_ssl-r2.msi.asc">PGP</a>]
-[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.2.9-win32-x86-no_ssl-r2.msi.md5">MD5</a>]
+<a href="[preferred]/httpd/binaries/win32/apache_2.2.10-win32-x86-no_ssl-r2.msi"
+  >apache_2.2.10-win32-x86-no_ssl-r2.msi</a>
+[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.2.10-win32-x86-no_ssl-r2.msi.asc">PGP</a>]
+[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.2.10-win32-x86-no_ssl-r2.msi.md5">MD5</a>]
 </li>
 
 <li>Win32 Binary including OpenSSL 0.9.8h (MSI Installer): 
-<a href="[preferred]/httpd/binaries/win32/apache_2.2.9-win32-x86-openssl-0.9.8h-r2.msi"
-  >apache_2.2.9-win32-x86-openssl-0.9.8h-r2.msi</a>
-[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.2.9-win32-x86-openssl-0.9.8h-r2.msi.asc">PGP</a>]
-[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.2.9-win32-x86-openssl-0.9.8h-r2.msi.md5">MD5</a>]
+<a href="[preferred]/httpd/binaries/win32/apache_2.2.10-win32-x86-openssl-0.9.8h-r2.msi"
+  >apache_2.2.10-win32-x86-openssl-0.9.8h-r2.msi</a>
+[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.2.10-win32-x86-openssl-0.9.8h-r2.msi.asc">PGP</a>]
+[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.2.10-win32-x86-openssl-0.9.8h-r2.msi.md5">MD5</a>]
 </li>
 
 <li><a href="[preferred]/httpd/">Other files</a></li>
@@ -272,7 +272,7 @@
 </code></p>
 
 <ul>
-<li>httpd-2.2.9.tar.* is signed by Jim Jagielski <code>08C975E5</code></li>
+<li>httpd-2.2.10.tar.* is signed by Jim Jagielski <code>08C975E5</code></li>
 <li>httpd-2.0.63.tar.* is signed by Jim Jagielski <code>08C975E5</code></li>
 <li>apache_1.3.41.tar.* is signed by Jim Jagielski <code>08C975E5</code></li>
 <li>apache_*.msi are signed by William Rowe <code>B55D9977(CB9B9EC5)</code></li>

Modified: httpd/site/trunk/xdocs/index.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/index.xml?rev=704583&r1=704582&r2=704583&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/index.xml (original)
+++ httpd/site/trunk/xdocs/index.xml Tue Oct 14 10:19:08 2008
@@ -21,12 +21,12 @@
 href="http://www.apache.org/">Apache Software Foundation</a>.</p>
 </section>
 
-<section id="2.2.9" date="2008-06-13">
-<title>Apache 2.2.9 Released</title>
+<section id="2.2.10" date="2008-10-14">
+<title>Apache 2.2.10 Released</title>
 
 <p>The Apache HTTP Server Project is proud to <a
 href="http://www.apache.org/dist/httpd/Announcement2.2.html">announce</a>
-the release of version 2.2.9 of the Apache HTTP Server ("Apache").  This
+the release of version 2.2.10 of the Apache HTTP Server ("Apache").  This
 version is principally a security and bugfix release.</p>
 
 <p>This version of Apache is a major release and the start of a new stable



Mime
View raw message