[Bug 1945274] Re: security updates are breaking mod_wsgi apps
Ok so whilst this worked in the past, this was more by chance than by design since as documented upstream[1]:

  If the first argument ends with a trailing /, the second argument should also end with a trailing /, and vice versa. Otherwise, the resulting requests to the backend may miss some needed slashes and do not deliver the expected results.

As such I don't think this should be considered a regression due to the update in apache2 for CVE-2021-36160.

[1] https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypass

** Changed in: apache2 (Ubuntu)
       Status: New => Invalid

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1945274

Title:
  security updates are breaking mod_wsgi apps

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1945274/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1945274] Re: security updates are breaking mod_wsgi apps
We are using

  ProxyPass "/placement" "unix:/var/run/uwsgi/placement-api.socket|uwsgi://uwsgi-uds-placement-api/" retry=0

If I replace that by

  ProxyPass "/placement" "unix:/var/run/uwsgi/placement-api.socket|uwsgi://uwsgi-uds-placement-api" retry=0

things are working fine again.

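The trailing-slash rule quoted from the mod_proxy documentation can be checked across a configuration before a patched apache2 is rolled out. The following Python check is an added example, not part of the thread or of Apache; the function name and the sample configuration are assumptions, with only the two /placement lines taken from the messages above.

```python
import shlex

# Constructed sample config: the two /placement lines are the ones quoted in
# the thread, the remaining lines are made up for illustration.
SAMPLE_CONF = '''
ProxyPass "/placement" "unix:/var/run/uwsgi/placement-api.socket|uwsgi://uwsgi-uds-placement-api/" retry=0
ProxyPass "/placement" "unix:/var/run/uwsgi/placement-api.socket|uwsgi://uwsgi-uds-placement-api" retry=0
ProxyPass /app/ http://backend.example/app/
ProxyPass /static !
# ProxyPass /old http://backend.example/old/
'''

def find_slash_mismatches(conf_text):
    """Return (line_no, path, target) for every ProxyPass whose path and
    backend URL disagree on the trailing slash (hypothetical helper)."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)
        except ValueError:
            continue  # unbalanced quotes: leave that to apachectl configtest
        # ProxyPassMatch takes a regex, so only plain ProxyPass is checked.
        if len(tokens) < 3 or tokens[0].lower() != "proxypass":
            continue
        path, target = tokens[1], tokens[2]
        # Inside <Location> the path is omitted; "!" marks an exclusion.
        if not path.startswith("/") or target == "!":
            continue
        # For "unix:/socket|scheme://host/..." compare the part after "|".
        url = target.split("|", 1)[-1]
        if path.endswith("/") != url.endswith("/"):
            findings.append((line_no, path, url))
    return findings

if __name__ == "__main__":
    for line_no, path, url in find_slash_mismatches(SAMPLE_CONF):
        print(f"line {line_no}: {path!r} and {url!r} differ in trailing slash")
```
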
[Bug 1945274] Re: security updates are breaking mod_wsgi apps
So the culprit seems to be CVE-2021-36160.patch, if I build the focal version without that patch, the issue is resolved.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-36160