On Fri, 2017-07-28 at 15:02 -0500, Ben Harper wrote: > Greetings, > > I have some questions regarding the life cycle of the different versions > of apr and apr-util that the 'Version Numbers' page did not fully > answer. Different projects handle life cycle differently. Some only > support the latest version, while others support several versions > concurrently. Is only 1.6 support or will 1.5 still get updates?
The distinction is less important than with some projects. 1.5 is unlikely to get updates now unless hit by some serious security issue. But 1.6 is really just an incremental update on 1.5: the main reason for the version bump is how it deals with third-party dependencies: expat is unbundled, and more up-to-date versions of some other libraries are supported. > The project I work with (ius.io) currently packages apr 1.5 and apr-util > 1.5 so we can package httpd. We are trying to determine if we need to > upgrade these packages. The latest httpd packages APR 1.6: it resolves some issues for them. Including security issue cve-2012-0876 for users who use the bundled expat. Ultimately if you don't upgrade, you may find your users clamouring for more up-to-date versions of libraries like mysql and openssl than will build (cleanly, out-of-the-box) with 1.5. -- Nick Kew
