httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe Jr." <wr...@rowe-clan.net>
Subject Re: Fwd: [users@httpd] Invalid URI in request OPTIONS * HTTP/1.0
Date Fri, 06 Jan 2012 16:36:54 GMT
On 1/6/2012 8:32 AM, Eric Covener wrote:
> Looks like SuSE backported the trunk fix which misfires on the
> internally dummy conn.
> 
> STATUS says we were thinking of flipping this to declined.  Looks like
> a good idea?

This is consistent with failing to populate

    https://dist.apache.org/repos/dist/release/httpd/patches/apply_to_2.2.21/

with the right security patches, leaving the world to guess at a fix.

I'm volunteering to roll 2.2.22 Monday or as quickly thereafter as

  1. all known [and undisclosed] vulnerabilities fixes are committed, and

  2. all those patches reside in apply_to_2.2.21/

Likewise, I'm offering the same for 2.0.65 on the same or following day
(whatever that turns out to be).

I'm casting my -1 on all 2.3.x/2.4.0 candidates which have security patches
that had not been recorded in the corresponding

    https://dist.apache.org/repos/dist/release/httpd/patches/apply_to_2.3.16/

since we asked users to deploy that beta; we owe them that courtesy.

We've gotten really, really schlocky about getting the code into users hands,
releases themselves notwithstanding.


Mime
View raw message