libapreq2-2.15 Released
The Apache Software Foundation and The Apache HTTP Server Project
are pleased to announce the 2.15 release of libapreq2. This
Announcement notes significant changes introduced by this release.
libapreq2-2.15 is released under the Apache License
version 2.0. It is now available through the ASF mirrors
https://httpd.apache.org/apreq/download.cgi
libapreq2 is an APR-based shared library used for parsing HTTP cookies,
query-strings and POST data. This package provides
1) version 2.8.1 of the libapreq2 library,
2) mod_apreq2, a filter module necessary for using libapreq2
within the Apache HTTP Server,
3) the Apache2::Request, Apache2::Cookie, and Apache2::Upload
perl modules for using libapreq2 with mod_perl2.
========================================================================
Changes with libapreq2-2.15 (released November 12, 2020)
- SECURITY: CVE-2019-12412 (cve.mitre.org)
C API [Max Kellermann]
Fix a NULL pointer dereference when parsing malformed
multipart data in apreq_parse_multipart().
- C API [Yann Ylavic]
In apreq_brigade_concat(), fix memory handling and create
the FILE bucket correctly.
- Build [Petr Pisar]
Fix "make release" on Unix.
