Jeff (specifically), could you please clear up any concerns on the SECURITY: CVE-2011-4317 STATUS item from the 2.0 branch?
If someone would quickly review the mod_rewrite escape-args fix, I believe we are ready for the final 2.0.65 tag, which I would like to accomplish today. I would like this final release and retirement to occur before July, which means tagging today, concluding a vote Sat so the mirrors catch up Sun. If we have another vote supporting only the -SSLv2 / default ciphers bits from rjung's proposed patch to httpd.conf.in - then I'm also happy to kill SSLv2 from the default config of this final tarball. I've gone ahead and created a patch of that small subset for consideration in http://people.apache.org/~wrowe/2.0-ssl-noV2.patch Prior to tagging, I intend to modify STATUS as follows; APACHE 2.0 STATUS: -*-text-*- Last modified at [$Date$] -The current version of this file can be found at: - * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/STATUS - -Documentation status is maintained seperately and can be found at: - - * docs/STATUS in this source tree, or - * http://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x/docs/STATUS - -Consult the following STATUS files for information on related projects: - - * http://svn.apache.org/repos/asf/apr/apr/branches/0.9.x/STATUS - * http://svn.apache.org/repos/asf/apr/apr-util/branches/0.9.x/STATUS - -Consult the trunk/ for all new development and documentation efforts: - - * http://svn.apache.org/repos/asf/httpd/httpd/trunk/STATUS - * http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/STATUS - - Release history: - 2.0.65 : In maintainance. + 2.0.65 : Tagged and Retired June ##, 2013. 2.0.64 : Released October 19, 2010. 2.0.63 : Released January 19, 2008. 2.0.62 : Tagged January 4, 2008. Not released. -Contributors looking for a mission: - - * Just do an egrep on "TODO" or "XXX" in the source. - - * Review the bug database at: http://issues.apache.org/bugzilla/ - - * Review the "PatchAvailable" bugs in the bug database: - - http://issues.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Apache+httpd-2.0&keywords=PatchAvailable - - After testing, you can append a comment saying "Reviewed and tested". - - * Open bugs in the bug database. - - CURRENT RELEASE NOTES: - * Forward binary compatibility is expected of Apache 2.0.x releases, such - that no MMN major number changes will occur. Such changes can only be - made in the trunk. - - * All commits to branches/2.0.x must be reflected in SVN trunk, - as well, if they apply. Logical progression is commit to trunk, - get feedback and votes on list or in STATUS, then merge into - branches/2.2.x, and finally merge into branches/2.0.x, as applicable. + + ** THIS BRANCH IS CLOSED TO DEVELOPMENT AND MAINTENANCE ** + * Refer to the development trunk and maintained/stable branches for current + activity; + http://svn.apache.org/repos/asf/httpd/httpd/trunk/STATUS -RELEASE SHOWSTOPPERS: - - -PATCHES ACCEPTED TO BACKPORT FROM TRUNK: - [ start all new proposals below, under PATCHES PROPOSED. ] - - -PATCHES PROPOSED TO BACKPORT FROM TRUNK: - [ please place SVN revisions from trunk here, so it is easy to - identify exactly what the proposed changes are! Add all new - proposals to the end of this list. ] - -PATCHES TO BACKPORT THAT ARE ON HOLD OR NOT GOING ANYWHERE SOON: - +UNADDRESSED ISSUES:
