Thanks for the explanation and sorry about the wrong alarm!
Best regards,
Rainer
Am 06.08.2020 um 00:31 schrieb Daniel Ruggeri:
Hi, Rainer;
Right - this file gets rewritten by the announce.sh script just before
the notification goes out. This is done to ensure that the date is
correct and to ensure the type of release (bug, security, enhancement)
is correct. It appears as though the file was just changed, but really
it's just because the text was bumped as-is from the 'dev' location to
the 'dist' location.
--
Daniel Ruggeri
On August 5, 2020 7:23:33 AM CDT, Rainer Jung <rainer.j...@kippdata.de>
wrote:
Could you fix the date (September 21, 2018 sems wrong).
Thanks!
Rainer
Am 05.08.2020 um 13:32 schrieb drugg...@apache.org:
Author: druggeri
Date: Wed Aug 5 11:32:51 2020
New Revision: 40863
Log:
Push 2.4.46 up to the release directory
Added:
release/httpd/CHANGES_2.4.46
- copied unchanged from r40862, dev/httpd/CHANGES_2.4.46
release/httpd/httpd-2.4.46.tar.bz2
- copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2
release/httpd/httpd-2.4.46.tar.bz2.asc
- copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.asc
release/httpd/httpd-2.4.46.tar.bz2.md5
- copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.md5
release/httpd/httpd-2.4.46.tar.bz2.sha1
- copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.sha1
release/httpd/httpd-2.4.46.tar.bz2.sha256
- copied unchanged from r40862,
dev/httpd/httpd-2.4.46.tar.bz2.sha256
release/httpd/httpd-2.4.46.tar.bz2.sha512
- copied unchanged from r40862,
dev/httpd/httpd-2.4.46.tar.bz2.sha512
release/httpd/httpd-2.4.46.tar.gz
- copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz
release/httpd/httpd-2.4.46.tar.gz.asc
- copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.asc
release/httpd/httpd-2.4.46.tar.gz.md5
- copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.md5
release/httpd/httpd-2.4.46.tar.gz.sha1
- copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.sha1
release/httpd/httpd-2.4.46.tar.gz.sha256
- copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.sha256
release/httpd/httpd-2.4.46.tar.gz.sha512
- copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.sha512
Removed:
dev/httpd/CHANGES_2.4
dev/httpd/CHANGES_2.4.46
dev/httpd/httpd-2.4.46-deps.tar.bz2
dev/httpd/httpd-2.4.46-deps.tar.bz2.asc
dev/httpd/httpd-2.4.46-deps.tar.bz2.md5
dev/httpd/httpd-2.4.46-deps.tar.bz2.sha1
dev/httpd/httpd-2.4.46-deps.tar.bz2.sha256
dev/httpd/httpd-2.4.46-deps.tar.bz2.sha512
dev/httpd/httpd-2.4.46-deps.tar.gz
dev/httpd/httpd-2.4.46-deps.tar.gz.asc
dev/httpd/httpd-2.4.46-deps.tar.gz.md5
dev/httpd/httpd-2.4.46-deps.tar.gz.sha1
dev/httpd/httpd-2.4.46-deps.tar.gz.sha256
dev/httpd/httpd-2.4.46-deps.tar.gz.sha512
dev/httpd/httpd-2.4.46.tar.bz2
dev/httpd/httpd-2.4.46.tar.bz2.asc
dev/httpd/httpd-2.4.46.tar.bz2.md5
dev/httpd/httpd-2.4.46.tar.bz2.sha1
dev/httpd/httpd-2.4.46.tar.bz2.sha256
dev/httpd/httpd-2.4.46.tar.bz2.sha512
dev/httpd/httpd-2.4.46.tar.gz
dev/httpd/httpd-2.4.46.tar.gz.asc
dev/httpd/httpd-2.4.46.tar.gz.md5
dev/httpd/httpd-2.4.46.tar.gz.sha1
dev/httpd/httpd-2.4.46.tar.gz.sha256
dev/httpd/httpd-2.4.46.tar.gz.sha512
Modified:
release/httpd/Announcement2.4.html
release/httpd/Announcement2.4.txt
release/httpd/CHANGES_2.4
Modified: release/httpd/Announcement2.4.html
------------------------------------------------------------------------
--- release/httpd/Announcement2.4.html (original)
+++ release/httpd/Announcement2.4.html Wed Aug 5 11:32:51 2020
@@ -49,27 +49,27 @@
<div class="banner"></div>
<h1>
- Apache HTTP Server 2.4.43 Released
+ Apache HTTP Server 2.4.46 Released
</h1>
<p>
- April 01, 2020
+ September 21, 2018
</p>
<p>
The Apache Software Foundation and the Apache HTTP Server
Project are
pleased to <a
href="https://www.apache.org/dist/httpd/Announcement2.4.html">announce</a>
- the release of version 2.4.43 of the Apache
+ the release of version 2.4.46 of the Apache
HTTP Server ("Apache"). This version of Apache is our latest GA
release of the new generation 2.4.x branch of Apache HTTPD and
represents fifteen years of innovation by the project, and is
recommended over all previous releases. This release of Apache is
- a security, feature and bug fix release.
+ a feature and bug fix release.
</p>
<p>
We consider this release to be the best version of Apache
available, and
encourage users of all prior versions to upgrade.
</p>
<p>
- Apache HTTP Server 2.4.43 is available for download from:
+ Apache HTTP Server 2.4.46 is available for download from:
</p>
<dl>
<dd><a href="https://httpd.apache.org/download.cgi"
@@ -77,7 +77,7 @@
</dl>
<p>
Please see the <a href="./CHANGES_2.4">CHANGES_2.4</a> file,
linked from the download page, for a
- full list of changes. A condensed list, <a
href="./CHANGES_2.4.43">CHANGES_2.4.43</a> includes only
+ full list of changes. A condensed list, <a
href="./CHANGES_2.4.46">CHANGES_2.4.46</a> includes only
those changes introduced since the prior 2.4 release. A summary
of all
of the security vulnerabilities addressed in this and earlier
releases
is available:
Modified: release/httpd/Announcement2.4.txt
------------------------------------------------------------------------
--- release/httpd/Announcement2.4.txt (original)
+++ release/httpd/Announcement2.4.txt Wed Aug 5 11:32:51 2020
@@ -1,19 +1,19 @@
- Apache HTTP Server 2.4.43 Released
+ Apache HTTP Server 2.4.46 Released
- April 01, 2020
+ September 21, 2018
The Apache Software Foundation and the Apache HTTP Server Project
- are pleased to announce the release of version 2.4.43 of the
Apache
+ are pleased to announce the release of version 2.4.46 of the
Apache
HTTP Server ("Apache"). This version of Apache is our latest GA
release of the new generation 2.4.x branch of Apache HTTPD and
represents fifteen years of innovation by the project, and is
recommended over all previous releases. This release of Apache is
- a security, feature and bug fix release.
+ a feature and bug fix release.
We consider this release to be the best version of Apache
available, and
encourage users of all prior versions to upgrade.
- Apache HTTP Server 2.4.43 is available for download from:
+ Apache HTTP Server 2.4.46 is available for download from:
https://httpd.apache.org/download.cgi
@@ -24,7 +24,7 @@
https://httpd.apache.org/docs/trunk/new_features_2_4.html
Please see the CHANGES_2.4 file, linked from the download page,
for a
- full list of changes. A condensed list, CHANGES_2.4.43
includes only
+ full list of changes. A condensed list, CHANGES_2.4.46
includes only
those changes introduced since the prior 2.4 release. A summary
of all
of the security vulnerabilities addressed in this and earlier
releases
is available:
Modified: release/httpd/CHANGES_2.4
------------------------------------------------------------------------
--- release/httpd/CHANGES_2.4 (original)
+++ release/httpd/CHANGES_2.4 Wed Aug 5 11:32:51 2020
@@ -1,6 +1,78 @@
-*- coding: utf-8 -*-
+Changes with Apache 2.4.46
+ *) mod_proxy_fcgi: Fix build warnings for Windows platform
+ [Eric Covener, Christophe Jaillet]
+
+Changes with Apache 2.4.45
+
+ *) mod_http2: remove support for abandoned http-wg draft
+ <https://datatracker.ietf.org/doc/draft-kazuho-h2-cache-digest/>.
+ [Stefan Eissing]
+
+Changes with Apache 2.4.44
+
+ *) mod_proxy_uwsgi: Error out on HTTP header larger than 16K (hard
+ protocol limit). [Yann Ylavic]
+
+ *) mod_http2:
+ Fixes <https://github.com/icing/mod_h2/issues/200>:
+ "LimitRequestFields 0" now disables the limit, as documented.
+ Fixes <https://github.com/icing/mod_h2/issues/201>:
+ Do not count repeated headers with same name against the field
+ count limit. The are merged internally, as if sent in a single
HTTP/1 line.
+ [Stefan Eissing]
+
+ *) mod_http2: Avoid segfaults in case of handling certain
responses for
+ already aborted connections. [Stefan Eissing, Ruediger Pluem]
+
+ *) mod_http2: The module now handles master/secondary
connections and has marked
+ methods according to use. [Stefan Eissing]
+
+ *) core: Drop an invalid Last-Modified header value coming
+ from a FCGI/CGI script instead of replacing it with Unix epoch.
+ [Yann Ylavic, Luca Toscano]
+
+ *) Add support for strict content-length parsing through
addition of
+ ap_parse_strict_length() [Yann Ylavic]
+
+ *) mod_proxy_fcgi: ProxyFCGISetEnvIf unsets variables when
expression
+ evaluates to false. PR64365. [Michael König <mail ikoenig.net>]
+
+ *) mod_proxy_http: flush spooled request body in one go to avoid
+ leaking (or long lived) temporary file. PR 64452. [Yann Ylavic]
+
+ *) mod_ssl: Fix a race condition and possible crash when using
a proxy client
+ certificate (SSLProxyMachineCertificateFile).
+ [Armin Abfalterer <a.abfalterer gmail.com>]
+
+ *) mod_ssl: Fix memory leak in stapling code. PR63687. [Stefan
Eissing]
+
+ *) mod_http2: Fixed regression that no longer set H2_STREAM_ID
and H2_STREAM_TAG.
+ PR64330 [Stefan Eissing]
+
+ *) mod_http2: Fixed regression that caused connections to
close when mod_reqtimeout
+ was configured with a handshake timeout. Fixes gitub issue #196.
+ [Stefan Eissing]
+
+ *) mod_proxy_http2: the "ping" proxy parameter
+ (see <https://httpd.apache.org/docs/2.4/mod/mod_proxy.html>)
is now used
+ when checking the liveliness of a new or reused h2 connection
to the backend.
+ With short durations, this makes load-balancing more
responsive. The module
+ will hold back requests until ping conditions are met, using
features of the
+ HTTP/2 protocol alone. [Ruediger Pluem, Stefan Eissing]
+
+ *) core: httpd is no longer linked against -lsystemd if
mod_systemd
+ is enabled (and built as a DSO). [Rainer Jung]
+
+ *) mod_proxy_http2: respect ProxyTimeout settings on backend
connections
+ while waiting on incoming data. [Ruediger Pluem, Stefan Eissing]
+
Changes with Apache 2.4.43
+ *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann
Ylavic]
+
+Changes with Apache 2.4.42
+
*) SECURITY: CVE-2020-1934 (cve.mitre.org)
mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
server. [Eric Covener]
@@ -10,10 +82,6 @@ Changes with Apache 2.4.43
matches and substitutions with encoded line break characters.
The fix for CVE-2019-10098 was not effective. [Ruediger Pluem]
- *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann
Ylavic]
-
-Changes with Apache 2.4.42
-
*) mod_proxy_http: Fix the forwarding of requests with content
body when a
balancer member is unavailable; the retry on the next member was
issued
with an empty body (regression introduced in 2.4.41). PR63891.