httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nathan Neulinger" <>
Subject Re: 1.1.1
Date Mon, 08 Jul 1996 19:45:31 GMT
> 1) None of these are security holes

Not necessarily a security hole, but it certainly is a "server becomes useless" hole. 

The rewrite support will suddenly break... i.e. before, someone accidentally had 
"Redirect / whatever" in their .htaccess, and it never did anything. Now, it will 
redirect the root of the server, making the server essentially useless, since none of the

pages on it will work right.

> 2) Very few people are likely to be affected by the bugs, those who are
>    are likely to be able to apply a patch.

Well, two of my sites are affected by it.

> 3) We are *bound* to find more bugs of similar stature in the near future - 
>    should we release a 1.1.x every week?
> 4) Releasing a bugfix release so soon makes the problems sound far worse
>    than they are.

Don't necessarily make a big deal about it... Just put up 1.1.1 and call it "a suggested 
upgrade", though not critical.

-- Nathan

Nathan Neulinger                  Univ. of Missouri - Rolla
EMail:                    Computer Center
WWW:      SysAdmin:

View raw message