[Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released

Apache HTTP Server 2.2.3 Released The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of version 2.2.3 of the Apache HTTP Server (Apache). This version of Apache is principally a bug and security fix release. The following

[Announce] New (relocated) modules-dev@httpd.apache.org list

Following a vote on dev@httpd.apache.org, and with input from the project participants on the [EMAIL PROTECTED] Authors' discussion list, the httpd project is pleased to announce the creation of a new modules-dev list at httpd.apache.org. Current subscribers to the apache-modules list will not be

Apache Portable Runtime 1.2.12 Released

Apache Portable Runtime 1.2.12 Released The Apache Software Foundation and the Apache Portable Runtime Project are proud to announce the General Availability of version 1.2.12 of the APR Apache Portable Runtime library. The Project further announces the General Availability of

[announce] Apache HTTP Server 2.2.17 and 2.0.64 Released

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.17 of the Apache HTTP Server (Apache). This version of Apache is principally a bug fix release, and a security fix release of the APR-util 1.3.10 dependency; *

[Announce] Apache HTTP Server 2.2.18 Released

Apache HTTP Server 2.2.18 Released The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.18 of the Apache HTTP Server (Apache). This version of Apache is principally a bug fix release, and a

Apache HTTP Server 2.2.21 Released

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.21 of the Apache HTTP Server (Apache). This version of Apache is principally a security and bug fix release: * SECURITY: CVE-2011-3348 (cve.mitre.org)

CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest

CVE-2017-9788: Uninitialized memory reflection in mod_auth_digest Severity: Important Vendor: The Apache Software Foundation Versions Affected: all versions through 2.2.33 and 2.4.26 Description: The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or

CVE-2017-9789: Apache httpd 2.4 Read after free in mod_http2

CVE-2017-9789: Read after free in mod_http2.c Severity: Important Vendor: The Apache Software Foundation Versions Affected: httpd 2.4.26 Description: When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in