This always happens, remember you must send announcement.*@a.o mail from an @a.o address. Which is extra confusing if you haven't set up the SMTP validation yet.
On Tue, Jun 1, 2021 at 4:07 PM Christophe JAILLET <[email protected]> wrote: > > Le 01/06/2021 à 03:07, William A Rowe Jr a écrit : > > Christophe, thanks for your energetic efforts to kick off the next release! > > > > I looked for the post but couldn't find it, the community is confused. > > Is this release pulled for regressions? It hasn't been communicated > > well, but the release is sitting on every mirror, since 6 to 24 hours > > after you placed it on dist. > > > > Inquiring minds would like to know, you seem to confirm this release in > > this specific post, so it appears that it has happened, even if adopting > > it is unwise. > > > > Hi, > > 2.4.48 is live now. > > However, the mails sent on [email protected] and [email protected] seem to not > have reached their destination yet. > Maybe a moderation issue on the lists. > > As you can see, there is also some security related fixes. There are > listed at [1]. > > I still need to figure out a few things with our new CVE management > mechanism. So our vulnerability listing ([2]) with some more details is > not updated yet. I hope to be able to update it in the coming days. > > Most CVE fixed in this release are rated from moderate to low impact. > Only one, CVE-2021-31618 is rated as important and could be exploited > for some DoS. > > Christophe JAILLET > > > [1]: https://downloads.apache.org/httpd/CHANGES_2.4.48 > [2]: https://httpd.apache.org/security/vulnerabilities_24.html
