Re: mod_wasm: Contributing Upstream to Apache

2023-03-10 Thread SteffenAL
Done, version 0.10.3 available on the VS17 download page. Cheers, Steffen On Thursday 09/03/2023 at 16:34, Jesús González wrote: Hola! We just released a mod_wasm security update (v0.10.3) to address two recently disclosed CVEs (one critical) of Wasmtime, the WebAssembly runtime

Re: mod_wasm: Contributing Upstream to Apache

2023-03-10 Thread Jesús González
Great! Thanks Steffen.

Re: [VOTE] [VOTE] Release httpd-2.4.56-rc1 as httpd-2.4.56

2023-03-10 Thread giovanni
On 3/10/23 16:33, Eric Covener wrote: Saw another report on users@ Any thoughts on something like this to just allow spaces? http://people.apache.org/~covener/patches/rewrite-lax.diff that makes sense, any other possible char that we should allow other then spaces ? Giovanni (this is

Re: [VOTE] [VOTE] Release httpd-2.4.56-rc1 as httpd-2.4.56

2023-03-10 Thread Fossies Administrator
On Fri, 10 Mar 2023, Eric Covener wrote: Saw another report on users@ Any thoughts on something like this to just allow spaces? http://people.apache.org/~covener/patches/rewrite-lax.diff (this is off my $bigco fork so may not actually apply) On Thu, Mar 9, 2023 at 3:08 PM BUSH Steve wrote:

Re: [VOTE] [VOTE] Release httpd-2.4.56-rc1 as httpd-2.4.56

2023-03-10 Thread Roy T. Fielding
On Mar 10, 2023, at 8:56 AM, Yann Ylavic wrote: > On Fri, Mar 10, 2023 at 4:34 PM Eric Covener wrote: >> >> Saw another report on users@ >> >> Any thoughts on something like this to just allow spaces? >> http://people.apache.org/~covener/patches/rewrite-lax.diff > > What about: > > Index:

Re: [VOTE] [VOTE] Release httpd-2.4.56-rc1 as httpd-2.4.56

2023-03-10 Thread Eric Covener
On Fri, Mar 10, 2023 at 11:57 AM Yann Ylavic wrote: > > On Fri, Mar 10, 2023 at 4:34 PM Eric Covener wrote: > > > > Saw another report on users@ > > > > Any thoughts on something like this to just allow spaces? > > http://people.apache.org/~covener/patches/rewrite-lax.diff > > What about: > >

Re: [VOTE] [VOTE] Release httpd-2.4.56-rc1 as httpd-2.4.56

2023-03-10 Thread Eric Covener
Saw another report on users@ Any thoughts on something like this to just allow spaces? http://people.apache.org/~covener/patches/rewrite-lax.diff (this is off my $bigco fork so may not actually apply) On Thu, Mar 9, 2023 at 3:08 PM BUSH Steve wrote: > > >> Maybe we can slip an additional entry

Re: [VOTE] [VOTE] Release httpd-2.4.56-rc1 as httpd-2.4.56

2023-03-10 Thread Yann Ylavic
On Fri, Mar 10, 2023 at 4:34 PM Eric Covener wrote: > > Saw another report on users@ > > Any thoughts on something like this to just allow spaces? > http://people.apache.org/~covener/patches/rewrite-lax.diff What about: Index: modules/mappers/mod_rewrite.c

Re: [VOTE] [VOTE] Release httpd-2.4.56-rc1 as httpd-2.4.56

2023-03-10 Thread Eric Covener
> Allowing a space to be sent within the proxied request target is not an > option, > regardless of how the user has configured the server. The CVE fix was just to > prevent an invalid target sent from us. This context in mod_rewrite is not specific to proxying. The CVE is addressed in a similar