> On 29 Aug 2018, at 16:08, William Kimball Jr. <wwapa...@kimballstuff.com> > wrote: > > Speaking of suggestions, may I please suggest closing a glaring security hole > in apr_dbd_mysql, per https://bz.apache.org/bugzilla/show_bug.cgi?id=62342? I > have provided diffs for 1.5 -- because my organization uses RHEL 7, which > uses APR 1.5 -- and 2.0 -- because someone on this list instructed me to do > so. I'm happy to do the same for 1.6.
Thanks, that looks as if it makes sense. Currently we're looking at an APR-1.6 release ASAP. Not APR-UTIL, which is where an apr_dbd patch applies, so this isn't of immediate concern. But yes, it looks like something we should patch for future releases. -- Nick Kew