httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From William A Rowe Jr <wr...@rowe-clan.net>
Subject Re: [RESULT - PASS] Release httpd-2.4.48
Date Tue, 01 Jun 2021 22:46:24 GMT
This always happens, remember you must send announcement.*@a.o mail
from an @a.o address. Which is extra confusing if you haven't set up
the SMTP validation yet.

On Tue, Jun 1, 2021 at 4:07 PM Christophe JAILLET
<christophe.jaillet@wanadoo.fr> wrote:
>
> Le 01/06/2021 à 03:07, William A Rowe Jr a écrit :
> > Christophe, thanks for your energetic efforts to kick off the next release!
> >
> > I looked for the post but couldn't find it, the community is confused.
> > Is this release pulled for regressions? It hasn't been communicated
> > well, but the release is sitting on every mirror, since 6 to 24 hours
> > after you placed it on dist.
> >
> > Inquiring minds would like to know, you seem to confirm this release in
> > this specific post, so it appears that it has happened, even if adopting
> > it is unwise.
> >
>
> Hi,
>
> 2.4.48 is live now.
>
> However, the mails sent on annouce@a.o and annouce@httpd.a.o seem to not
> have reached their destination yet.
> Maybe a moderation issue on the lists.
>
> As you can see, there is also some security related fixes. There are
> listed at [1].
>
> I still need to figure out a few things with our new CVE management
> mechanism. So our vulnerability listing ([2]) with some more details is
> not updated yet. I hope to be able to update it in the coming days.
>
> Most CVE fixed in this release are rated from moderate to low impact.
> Only one, CVE-2021-31618 is rated as important and could be exploited
> for some DoS.
>
> Christophe JAILLET
>
>
> [1]: https://downloads.apache.org/httpd/CHANGES_2.4.48
> [2]: https://httpd.apache.org/security/vulnerabilities_24.html

Mime
View raw message