On Wed, Jun 14, 2017 at 4:12 PM, William A Rowe Jr <wr...@rowe-clan.net> wrote: > > Please note that Apache Web Server Project will only provide maintenance > releases of the 2.2.x flavor through June of 2017, and will provide some > security patches beyond this date through at least December of 2017. > Minimal maintenance patches of 2.2.x are expected throughout this period, > and users are strongly encouraged to promptly complete their transitions > to the the 2.4.x flavor of httpd to benefit from a much larger assortment > of minor security and bug fixes as well as new features.
Just FYI, we've just about reached the 50% inflection point I anticipated, it likely happens around the end of July; https://w3techs.com/technologies/history_details/ws-apache/2 Now this might suggest that continuing to release 2.2 is important, but that would be a misunderstanding of what "apache 2.2" means; https://w3techs.com/technologies/details/ws-apache/2.2/all As the list illustrates, 5 months later, only 2.5% of the 2.2 sites (~0.6% or so of the total apache sites) had updated to 2.2.32 released in Jan. Given the text above, this shouldn't come as a surprise, since users likely adopted 2.4 rather than updating to another 2.2 release. The majority of these 2.2 sites simply won't be updating their version of httpd 2.2 again until their entire site is redeployed to a new server. You can contrast this to the behavior of 2.4 administrators; https://w3techs.com/technologies/details/ws-apache/2.4/all Here, over 25% of 2.4 sites adopted 2.4.25 during the same time period. Publishing security patches will help different vendors coordinate the patches used to correct legacy releases they support, but will likely not have a great impact on the typical httpd user, directly. We are facing diminishing odds of users installing a 2.2 maintenance release or patch from sources.
