Thanks Will. Just downloaded it and will install it later today or
early tomorrow first on my test machine.
Regards,
William A. Rowe Jr. wrote:
> Apache HTTP Server 2.2.19 Released
>
> The Apache Software Foundation and the Apache HTTP Server Project are
> pleased to announce the release of version 2.2.19 of the Apache HTTP
> Server ("Apache"). This version of Apache is principally a bug fix
> release, correcting regressions in the httpd 2.2.18 package; the use
> of that previous 2.2.18 package is discouraged due to these flaws:
>
> * SECURITY: CVE-2011-1928 (cve.mitre.org)
> A fix in bundled APR 1.4.4 apr_fnmatch() to address CVE-2011-0419
> introduced a new vulnerability. httpd workers enter a hung state
> (100% cpu utilization) after updating to APR 1.4.4. Upgrading to
> APR 1.4.5 bundled with the httpd 2.2.19 package, or using APR 1.4.3
> or prior with the 'IgnoreClient' option of the 'IndexOptions'
> directive will circumvent both issues.
>
> * httpd 2.2.18: The ap_unescape_url_keep2f() function signature was
> inadvertently changed. This breaks binary compatibility of a number
> of third-party modules. This httpd-2.2.19 package restores the
> function signature provided by 2.2.17 and prior.
>
> We consider this release to be the best version of Apache available, and
> encourage users of all prior versions to upgrade.
>
> Apache HTTP Server 2.2.19 is available for download from:
>
> http://httpd.apache.org/download.cgi
>
> Please see the CHANGES_2.2 file, linked from the download page, for a
> full list of changes. A condensed list, CHANGES_2.2.19 provides the
> complete list of changes since 2.2.18. A summary of all of the security
> vulnerabilities addressed in this and earlier releases is available:
>
> http://httpd.apache.org/security/vulnerabilities_22.html
>
> This release includes the Apache Portable Runtime (APR) version 1.4.5
> and APR Utility Library (APR-util) version 1.3.12, bundled with the tar
> and zip distributions. The APR libraries libapr and libaprutil (and
> on Win32, libapriconv version 1.2.1) must all be updated to ensure
> binary compatibility and address many known security and platform bugs.
>
> Apache 2.2 offers numerous enhancements, improvements, and performance
> boosts over the 2.0 codebase. For an overview of new features
> introduced since 2.0 please see:
>
> http://httpd.apache.org/docs/2.2/new_features_2_2.html
>
> This release builds on and extends the Apache 2.0 API. Modules written
> for Apache 2.0 will need to be recompiled in order to run with Apache
> 2.2, and require minimal or no source code changes.
>
> http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/VERSIONING
>
> When upgrading or installing this version of Apache, please bear in mind
> that if you intend to use Apache with one of the threaded MPMs (other
> than the Prefork MPM), you must ensure that any modules you will be
> using (and the libraries they depend on) are thread-safe.