httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r1019133 - in /websites/staging/httpd/trunk/content: ./ doap.rdf download.html index.html security/vulnerabilities-httpd.xml security/vulnerabilities_24.html
Date Thu, 05 Oct 2017 16:26:20 GMT
Author: buildbot
Date: Thu Oct  5 16:26:19 2017
New Revision: 1019133

Log:
Staging update by buildbot for httpd

Modified:
    websites/staging/httpd/trunk/content/   (props changed)
    websites/staging/httpd/trunk/content/doap.rdf
    websites/staging/httpd/trunk/content/download.html
    websites/staging/httpd/trunk/content/index.html
    websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml
    websites/staging/httpd/trunk/content/security/vulnerabilities_24.html

Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Thu Oct  5 16:26:19 2017
@@ -1 +1 @@
-1809193
+1811218

Modified: websites/staging/httpd/trunk/content/doap.rdf
==============================================================================
Binary files - no diff available.

Modified: websites/staging/httpd/trunk/content/download.html
==============================================================================
--- websites/staging/httpd/trunk/content/download.html (original)
+++ websites/staging/httpd/trunk/content/download.html Thu Oct  5 16:26:19 2017
@@ -119,7 +119,7 @@ of releases, are available from the
 <a href="//httpd.apache.org/docs/current/platform/windows.html#down">a number of third
party vendors</a>.</p>
 <p>Stable Release - Latest Version:</p>
 <ul>
-<li><a href="#apache24">2.4.27</a> (released 2017-07-11)</li>
+<li><a href="#apache24">2.4.28</a> (released 2017-10-05)</li>
 </ul>
 <p>Legacy Release - 2.2 Branch:</p>
 <ul>
@@ -140,31 +140,31 @@ value="[backup]">[backup] (backup)</opti
 type="submit" value="Change"></input></form>
 You may also consult the <a href="//www.apache.org/mirrors/">complete list of
 mirrors</a>.</p>
-<h1 id="apache24">Apache HTTP Server 2.4.27 (httpd): 2.4.27 is the latest available
version <span>2017-07-11</span><a class="headerlink" href="#apache24" title="Permanent
link">&para;</a></h1>
+<h1 id="apache24">Apache HTTP Server 2.4.28 (httpd): 2.4.28 is the latest available
version <span>2017-07-11</span><a class="headerlink" href="#apache24" title="Permanent
link">&para;</a></h1>
 <p>The Apache HTTP Server Project is pleased to
 <a href="//www.apache.org/dist/httpd/Announcement2.4.txt">announce</a> the
-release of version 2.4.27 of the Apache HTTP Server ("Apache" and "httpd").
+release of version 2.4.28 of the Apache HTTP Server ("Apache" and "httpd").
 This version of Apache is our latest GA release of the new generation 2.4.x
 branch of Apache HTTPD and represents fifteen years of innovation by the
 project, and is recommended over all previous releases!</p>
 <p>For details see the <a href="//www.apache.org/dist/httpd/Announcement2.4.html">Official
 Announcement</a> and
 the <a href="[preferred]/httpd/CHANGES_2.4">CHANGES_2.4</a> and
-<a href="[preferred]/httpd/CHANGES_2.4.27">CHANGES_2.4.27</a> lists</p>
+<a href="[preferred]/httpd/CHANGES_2.4.28">CHANGES_2.4.28</a> lists</p>
 <ul>
 <li>
-<p>Source: <a href="[preferred]/httpd/httpd-2.4.27.tar.bz2">httpd-2.4.27.tar.bz2</a>
-[ <a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.bz2.asc">PGP</a>
] [
-<a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.bz2.md5">MD5</a>
] [
-<a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.bz2.sha1">SHA1</a>
] [
-<a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.bz2.sha256">SHA256</a>
]</p>
+<p>Source: <a href="[preferred]/httpd/httpd-2.4.28.tar.bz2">httpd-2.4.28.tar.bz2</a>
+[ <a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.bz2.asc">PGP</a>
] [
+<a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.bz2.md5">MD5</a>
] [
+<a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.bz2.sha1">SHA1</a>
] [
+<a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.bz2.sha256">SHA256</a>
]</p>
 </li>
 <li>
-<p>Source: <a href="[preferred]/httpd/httpd-2.4.27.tar.gz">httpd-2.4.27.tar.gz</a>
[
-<a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.gz.asc">PGP</a> ]
[
-<a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.gz.md5">MD5</a> ]
[
-<a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.gz.sha1">SHA1</a>
] [
-<a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.gz.sha256">SHA256</a>
]</p>
+<p>Source: <a href="[preferred]/httpd/httpd-2.4.28.tar.gz">httpd-2.4.28.tar.gz</a>
[
+<a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.gz.asc">PGP</a> ]
[
+<a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.gz.md5">MD5</a> ]
[
+<a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.gz.sha1">SHA1</a>
] [
+<a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.gz.sha256">SHA256</a>
]</p>
 </li>
 <li>
 <p><a href="[preferred]/httpd/binaries/">Binaries</a> </p>
@@ -181,7 +181,8 @@ the <a href="[preferred]/httpd/CHANGES_2
 </ul>
 <h1 id="apache22">Apache HTTP Server 2.2.34 (httpd) <span>2017-07-11</span><a
class="headerlink" href="#apache22" title="Permanent link">&para;</a></h1>
 <p>The Apache HTTP Server Project is pleased to announce the release of Apache
-HTTP Server (httpd) version 2.2.34.</p>
+HTTP Server (httpd) version 2.2.34. This version will be the last release
+of the 2.2 legacy branch.</p>
 <p>For details see the <a href="//www.apache.org/dist/httpd/Announcement2.2.html">Official
 Announcement</a> and
 the <a href="[preferred]/httpd/CHANGES_2.2">CHANGES_2.2</a> or condensed
@@ -326,13 +327,13 @@ verify our releases.</p>
 signature file for the relevant distribution. Make sure you get these files
 from the <a href="//www.apache.org/dist/httpd/">main distribution directory</a>
,
 rather than from a mirror. Then verify the signatures using</p>
-<p><code>% pgpk -a KEYS<br></br>% pgpv httpd-2.4.27.tar.gz.asc <br></br></code>
+<p><code>% pgpk -a KEYS<br></br>% pgpv httpd-2.4.28.tar.gz.asc <br></br></code>
 <em>or</em> <br></br><code>% pgp -ka KEYS<br></br>%
pgp
-httpd-2.4.27.tar.gz.asc <br></br></code> <em>or</em> <br></br><code>%
gpg --import
-KEYS<br></br>% gpg --verify httpd-2.4.27.tar.gz.asc httpd-2.4.27.tar.gz</code></p>
+httpd-2.4.28.tar.gz.asc <br></br></code> <em>or</em> <br></br><code>%
gpg --import
+KEYS<br></br>% gpg --verify httpd-2.4.28.tar.gz.asc httpd-2.4.28.tar.gz</code></p>
 <ul>
 <li>
-<p>httpd-2.4.27.tar.* are signed by Jim Jagielski <code>791485A8</code>
</p>
+<p>httpd-2.4.28.tar.* are signed by Jim Jagielski <code>791485A8</code>
</p>
 </li>
 <li>
 <p>httpd-2.2.34.tar.* are signed by William A Rowe Jr <code>B55D9977(9088F565)</code>
</p>

Modified: websites/staging/httpd/trunk/content/index.html
==============================================================================
--- websites/staging/httpd/trunk/content/index.html (original)
+++ websites/staging/httpd/trunk/content/index.html Thu Oct  5 16:26:19 2017
@@ -117,15 +117,15 @@ standards.</p>
 April 1996. It has celebrated its 20th birthday as a project in February 2015.</p>
 <p>The Apache HTTP Server is a project of <a href="http://www.apache.org/">The
Apache Software
 Foundation</a>.</p>
-<h1 id="apache-httpd-2427-released-2017-07-11">Apache httpd 2.4.27 Released <span>2017-07-11</span><a
class="headerlink" href="#apache-httpd-2427-released-2017-07-11" title="Permanent link">&para;</a></h1>
+<h1 id="apache-httpd-2428-released-2017-10-05">Apache httpd 2.4.28 Released <span>2017-10-05</span><a
class="headerlink" href="#apache-httpd-2428-released-2017-10-05" title="Permanent link">&para;</a></h1>
 <p>The Apache Software Foundation and the Apache HTTP Server Project are
 pleased to
 <a href="http://www.apache.org/dist/httpd/Announcement2.4.html">announce</a>
the
-release of version 2.4.27 of the Apache HTTP Server ("httpd").</p>
+release of version 2.4.28 of the Apache HTTP Server ("httpd").</p>
 <p>This latest release from the 2.4.x stable branch represents the best available
 version of Apache HTTP Server.</p>
-<p class="centered"><a href="download.cgi#apache24">Download</a> | <a
href="http://www.apache.org/dist/httpd/CHANGES_2.4.27">ChangeLog for
-2.4.27</a> | <a href="http://www.apache.org/dist/httpd/CHANGES_2.4">Complete
ChangeLog for
+<p class="centered"><a href="download.cgi#apache24">Download</a> | <a
href="http://www.apache.org/dist/httpd/CHANGES_2.4.28">ChangeLog for
+2.4.28</a> | <a href="http://www.apache.org/dist/httpd/CHANGES_2.4">Complete
ChangeLog for
 2.4</a> |  <a href="docs/trunk/new_features_2_4.html">New Features in httpd
 2.4</a></p>
 <h1 id="apache-httpd-2234-released-end-of-life-2017-07-11">Apache httpd 2.2.34 Released
End-of-Life <span>2017-07-11</span><a class="headerlink" href="#apache-httpd-2234-released-end-of-life-2017-07-11"
title="Permanent link">&para;</a></h1>

Modified: websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml Thu Oct  5 16:26:19
2017
@@ -1,6 +1,6 @@
 <security updated="20170921">
 
-<issue fixed="2.4.28-dev" reported="20170712" public="20170918" released="">
+<issue fixed="2.4.28" reported="20170712" public="20170918" released="20171005">
 <cve name="CVE-2017-9798"/>
 <severity level="4">low</severity>
 <title>Use-after-free when using &lt;Limit &gt; with an unrecognized method
in .htaccess ("OptionsBleed")</title>

Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_24.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_24.html Thu Oct  5 16:26:19
2017
@@ -106,8 +106,8 @@ in a "-dev" release then this means that
 the development source tree and will be part of an upcoming full release.</p><p>
This page is created from a database of vulnerabilities originally
 populated by Apache Week.  Please send comments or corrections for
 these vulnerabilities to the <a href="/security_report.html">Security
-Team</a>.  </p><p><em>The initial GA release, Apache httpd 2.4.1,
includes fixes for all vulnerabilities which have been resolved in Apache httpd 2.2.22 and
all older releases.  Consult the <a href="vulnerabilities_22.html">Apache httpd 2.2
vulnerabilities list</a> for more information.</em></p><br/><h1
id="2.4.28-dev">
-Fixed in Apache httpd 2.4.28-dev</h1><dl>
+Team</a>.  </p><p><em>The initial GA release, Apache httpd 2.4.1,
includes fixes for all vulnerabilities which have been resolved in Apache httpd 2.2.22 and
all older releases.  Consult the <a href="vulnerabilities_22.html">Apache httpd 2.2
vulnerabilities list</a> for more information.</em></p><br/><h1
id="2.4.28">
+Fixed in Apache httpd 2.4.28</h1><dl>
   <dt>
     <h3 id="CVE-2017-9798">low:
     <name name="CVE-2017-9798">Use-after-free when using &lt;Limit &gt; with
an unrecognized method in .htaccess ("OptionsBleed")</name>
@@ -139,6 +139,10 @@ We would like to thank Hanno Böck for
         <td class="cve-value">18th September 2017</td>
       </tr>
       <tr>
+        <td class="cve-header">Update Released</td>
+        <td class="cve-value">5th October 2017</td>
+      </tr>
+      <tr>
         <td class="cve-header">Affects</td>
         <td class="cve-value">2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4.20, 2.4.18, 2.4.17,
2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
       </tr>



Mime
View raw message