Following the announcement link, it isn't clear that https://httpd.apache.org/security/vulnerabilities_24.html
fixes issues in 2.4.46. Should the fixed-in be promoted to the revision of Apache HTTP Server actually published (released) by the project? It almost reads like "fixed in 2.4.46-dev" (which 0-day disclosures are described as, until a release is actually published.) On Wed, Aug 5, 2020 at 6:32 AM Daniel Ruggeri <dan...@bitnebula.com> wrote: > Hi, all; > > With 12 binding PMC +1 votes, two additional +1 votes from the > community, and no -1 votes, I'm pleased to report that the vote has > PASSED to release 2.4.46. I will begin the process of pushing to the > distribution mirrors which should enable us for a Friday announcement - > a great way to wrap up the week! > > Here are the votes I recorded during the thread: > PMC > jailletc36, steffenal, elukey, jorton, jfclere, ylavic, covener, > gbechis, gsmith, druggeri, jblond, rjung > > Community > Noel Butler, wrowe > > -- > Daniel Ruggeri > > On 8/1/2020 9:13 AM, Daniel Ruggeri wrote: > > Hi, all; > > Third time is a charm! Please find below the proposed release tarball > > and signatures: > > https://dist.apache.org/repos/dist/dev/httpd/ > > > > I would like to call a VOTE over the next few days to release this > > candidate tarball as 2.4.46: > > [ ] +1: It's not just good, it's good enough! > > [ ] +0: Let's have a talk. > > [ ] -1: There's trouble in paradise. Here's what's wrong. > > > > The computed digests of the tarball up for vote are: > > sha1: 15adb7eb3dc97e89c8a4237901a9d6887056ab98 *httpd-2.4.46.tar.gz > > sha256: 44b759ce932dc090c0e75c0210b4485ebf6983466fb8ca1b446c8168e1a1aec2 > > *httpd-2.4.46.tar.gz > > sha512: > > > 5801c1dd0365f706a5e2365e58599b5adac674f3c66b0f39249909841e6cdf16bfdfe001fbd668f323bf7b6d14b116b5e7af49867d456336fad5e685ba020b15 > > *httpd-2.4.46.tar.gz > > > > The SVN tag is '2.4.46' at r1880505. > > > >
