On 1/22/19 8:09 AM, Stefan Priebe - Profihost AG wrote:
in twitter and other social media channels they're talking about a
current apache 0 day:
which wasn't handled / isn't currently fixed.
Some details are here:
If this is true there will be exploits soon. Is there anything planned?
Does 2.4.38 fix those issues?
Hi Stefan, and good morning.
I figured I should write something to calm people that might be concerned.
I will reply in length in a while (coffee is needed first), it takes
time to write a proper response that explains our processes and
considerations with issues like this, especially when people start
hyping the matter. Such is social media, I guess.
Until then, I will say quickly that we do not at present consider this
something you should be alarmed about. Boring elaboration to follow in a
while when I have compiled it :)
Daniel, speaking as just a normal committer.