httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel <dferra...@gmail.com>
Subject Re: [Announcement] Apache HTTP Server 2.2.34 Released
Date Wed, 12 Jul 2017 09:47:06 GMT
Hello,

Just FYI

http://httpd.apache.org/download.cgi is still pointing to 2.2.32
version and thus gives a 404 when trying to download.

I don't know how to fix that, but I guess it is worth mentioning it.

2017-07-11 17:33 GMT+02:00 William A Rowe Jr <wrowe@apache.org>:
>    July 11, 2017
>
>    The Apache Software Foundation and the Apache HTTP Server Project
>    announce the release of version 2.2.34 of the Apache HTTP Server
>    ("Apache"), the final maintenance release of the 2.2 series. No
>    further 2.2 releases are anticipated. This version of Apache is
>    principally a security and bug fix maintenance release.
>
>    We consider the current Apache HTTP Server 2.4 release to be the best
>    version of Apache available, and encourage every user of 2.2 and all
>    prior versions to upgrade. This final 2.2 release is offered for those
>    unable to upgrade at this moment.
>
>    Take note that Apache Web Server Project will provide no future release
>    of the 2.2.x series, although some security patches may be published
>    through December of 2017. These will be collected at the URL;
>
>      http://www.apache.org/dist/httpd/patches/apply_to_2.2.34/
>
>    No further maintenance patches of 2.2.x will be published. Users are
>    strongly encouraged to promptly complete their transitions to the
>    2.4.x flavor of httpd to receive any future benefit from the user
>    community or the Apache HTTP Server project developers.
>
>    For further details about the currently supported release, see:
>
>      http://www.apache.org/dist/httpd/Announcement2.4.txt
>
>    Apache HTTP Server 2.4 and 2.2.34 are available for download from:
>
>      http://httpd.apache.org/download.cgi
>
>    Please see the CHANGES_2.2 file, linked from the download page, for a
>    full list of changes. A condensed list, CHANGES_2.2.34 includes only
>    those changes introduced since the prior 2.2 release. A summary of all
>    of the security vulnerabilities addressed in this and earlier releases
>    is available:
>
>      http://httpd.apache.org/security/vulnerabilities_22.html
>
>    Note that the Apache HTTP Server project will discontinue evaluations
>    and corresponding advisories to this resource effective January, 2018.
>
>    This release includes the Apache Portable Runtime (APR) version 1.5.2
>    and APR Utility Library (APR-util) version 1.5.4, bundled with the tar
>    and zip distributions. The APR libraries libapr and libaprutil (and
>    on Win32, libapriconv version 1.2.1) must all be updated to ensure
>    binary compatibility and address many known security and platform bugs.
>    APR version 1.5 and APR-util version 1.5 represent minor version upgrades
>    from earlier httpd 2.2 source distributions.
>
>    Note this package also includes very stale and known-vulnerable versions
>    of the Expat [http://expat.sourceforge.net/] and PCRE [http://www.pcre.org/]
>    packages. Users are strongly encouraged to first install the most recent
>    versions of these components (of PCRE 8.x, not PCRE2 10.x at this time.)
>
>    This release builds on and extends the Apache 2.0 API and is superceeded
>    by the Apache 2.4 API. Modules written for Apache 2.2 will need to be
>    recompiled in order to run with Apache 2.4, and most will require minimal
>    or no source code changes.



-- 
Daniel Ferradal
IT Specialist

email         dferradal at gmail.com
linkedin     es.linkedin.com/in/danielferradal

Mime
View raw message