httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe Jr." <wr...@rowe-clan.net>
Subject Re: Next update
Date Wed, 31 Aug 2011 17:20:28 GMT
Note some additional improvements for a 'final' update 3 advisory...

We aught to mention that mod_header or mod_rewrite and mod_setenvif
are required for their respective workarounds, this apparently confuses
some beginning users.

We aught to mention that backend/application servers are not protected
from odd Range: constructs passed through mod_proxy.

We aught to add the release 2.2.20 as solution #1.

We aught to add reference to patches published at;

  http://www.apache.org/dist/httpd/patches/apply_to_2.2.19/
  http://www.apache.org/dist/httpd/patches/apply_to_2.0.64/

We must advise that 1.3 is not affected, per our further research,
although we can note that the default configuration (MaxClients etc)
may already be inappropriate in any number of distributions, and
remind administrators to tune their configuration to gracefully handle
the maximum volume of requests.


Mime
View raw message