httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From William A Rowe Jr <wr...@rowe-clan.net>
Subject Re: Release date for Apache 2.2.32
Date Mon, 24 Oct 2016 17:04:19 GMT
On Mon, Oct 24, 2016 at 10:15 AM, Brian King <briandking@gmail.com> wrote:

> Is there a planned target date for the release of apache 2.2.32?
>
> Security scanning products (E.g. Rapid7) are recommending upgrading apache
> to 2.2.32 because of the July announcement regarding httpoxy:
>
> http://marc.info/?l=apache-httpd-dev&m=146885266605438&w=2
> https://www.apache.org/security/asf-httpoxy-response.txt
>

As pointed out in that second link, the issue is trivial to resolve, sadly
scanning projects rarely test for vulnerabilities, so you might just
patch your 2.2.31 to report itself as 2.2.32 and be done with it for now.

Back to your first question, 2.2.32 will be prepared at the same time
as we prepare the 2.4.24 release, but there is no calendar/schedule
per se.  Current conversations about 2.4.24 are pointing towards
the end of this month, that discussion is right here on this list.

Mime
View raw message