On Monday, 5 December 2016 21:13:04 CET Salvatore Bonaccorso wrote: > CVE-2016-8740 was announced for apache, CVE-2016-8740, Server memory > can be exhausted and service denied when HTTP/2 is used.
There are a few more security issues fixed in the pending 2.4.24 release. I will wait a bit more in the hope that this is released soonish. Stefan