Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 5ED49200BEF for ; Wed, 4 Jan 2017 13:06:04 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 5DBF7160B3A; Wed, 4 Jan 2017 12:06:04 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id A3B42160B39 for ; Wed, 4 Jan 2017 13:06:03 +0100 (CET) Received: (qmail 47179 invoked by uid 500); 4 Jan 2017 12:06:02 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 47169 invoked by uid 99); 4 Jan 2017 12:06:02 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 04 Jan 2017 12:06:02 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 882DD185F63 for ; Wed, 4 Jan 2017 12:06:01 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -5.3 X-Spam-Level: X-Spam-Status: No, score=-5.3 tagged_above=-999 required=6.31 tests=[RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-2.999, SPF_PASS=-0.001] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id lc8TL774J_AC for ; Wed, 4 Jan 2017 12:05:59 +0000 (UTC) Received: from mailserver.kippdata.de (capsella.kippdata.de [195.227.30.149]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id DF30B5FDE7 for ; Wed, 4 Jan 2017 12:05:58 +0000 (UTC) Received: from [10.0.110.6] ([192.168.2.104]) by mailserver.kippdata.de (8.13.5/8.13.5) with ESMTP id v04C5p3K025370 for ; Wed, 4 Jan 2017 13:05:51 +0100 (CET) To: users@httpd.apache.org References: <135728da20984063820d24157ec3b3a0@BC1Mail1.SpeedLine.local> From: Rainer Jung Message-ID: <5ef20570-8164-6fb2-bf67-0e3026567a55@kippdata.de> Date: Wed, 4 Jan 2017 13:05:51 +0100 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [users@httpd] Re: Next version of Apache 2.2? archived-at: Wed, 04 Jan 2017 12:06:04 -0000 Am 03.01.2017 um 23:19 schrieb Good guy: > On 03/01/2017 21:31, Development Manager wrote: >> CVE-2016-8743 was patched/mitigated in Apache 2.4 but is still an >> outstanding issue in 2.2, according to >> https://security-tracker.debian.org/tracker/CVE-2016-8743. >> >> Is there a plan to rebase it to 2.2? If so, do you know when? >> The reason I ask is PCI DSS requires that we have all vulnerabilities >> patched within 30 days, and it's been 2 weeks since 2.4 was patched. >> > 2.2 is dead and finished. It is time to move to 2.4. Nobody is working > on 2.2 as far as I know. The backport vote for the fix is ongoing and likely there will be a release soon after the fix will have been voted into 2.2. But it might be it will be published after your 30 days deadline. In general "yes": if you can, you should migrate to 2.4. Regards, Rainer --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org