On httpd.apache.org is at 2.059:
The Apache HTTP Server Project is *proud* to announce the legacy...
At 1.3.37
The Apache Group is *pleased* to announce the legacy...
Is the project is still proud to announce 2.0.x ?
Steffen
----- Original Message -----
From: "William A. Rowe, Jr." <[EMAIL PROTECTED]>
To: <dev@httpd.apache.org>
Cc: <bugtraq@securityfocus.com>; <full-disclosure@lists.grok.org.uk>
Sent: Thursday, August 03, 2006 11:58
Subject: Re: [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37)
Released
Philip M. Gollucci wrote:
William A. Rowe, Jr. wrote:
Apache HTTP Server 2.2.3 Released
...
CVE-2006-3747: An off-by-one flaw exists in the Rewrite module,
mod_rewrite, as shipped with Apache 1.3 since 1.3.28, 2.0 since
2.0.46,
and 2.2 since 2.2.0.
Is a release in the 2.0.x (2.0.59) soon to follow ?
If you continued reading a few para's down...
Apache HTTP Server 1.3.37 and 2.0.59 legacy releases are also available
with this security fix. See the appropriate CHANGES from the url above.
The Apache HTTP Project developers strongly encourage all users to
migrate to Apache 2.2, as only limited maintenance is performed on these
legacy versions.
We don't expect to be publishing simultaneous spam for the old flavors
every
time we release the main version; essentially it propagates the idea that
the
1.3 / 2.0 branches are actively developed and maintained. We will likely
fix
security flaws as they come up, but most of the time a single announcement
suffices. (Oh, and check out the subject line too :)
Bill
