httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christophe JAILLET <christophe.jail...@wanadoo.fr>
Subject Re: [RESULT - PASS] Release httpd-2.4.48
Date Tue, 01 Jun 2021 21:07:37 GMT
Le 01/06/2021 à 03:07, William A Rowe Jr a écrit :
> Christophe, thanks for your energetic efforts to kick off the next release!
> 
> I looked for the post but couldn't find it, the community is confused. 
> Is this release pulled for regressions? It hasn't been communicated 
> well, but the release is sitting on every mirror, since 6 to 24 hours 
> after you placed it on dist.
> 
> Inquiring minds would like to know, you seem to confirm this release in 
> this specific post, so it appears that it has happened, even if adopting 
> it is unwise.
> 

Hi,

2.4.48 is live now.

However, the mails sent on annouce@a.o and annouce@httpd.a.o seem to not 
have reached their destination yet.
Maybe a moderation issue on the lists.

As you can see, there is also some security related fixes. There are 
listed at [1].

I still need to figure out a few things with our new CVE management 
mechanism. So our vulnerability listing ([2]) with some more details is 
not updated yet. I hope to be able to update it in the coming days.

Most CVE fixed in this release are rated from moderate to low impact. 
Only one, CVE-2021-31618 is rated as important and could be exploited 
for some DoS.

Christophe JAILLET


[1]: https://downloads.apache.org/httpd/CHANGES_2.4.48
[2]: https://httpd.apache.org/security/vulnerabilities_24.html

Mime
View raw message