summaryrefslogtreecommitdiffstats
path: root/CHANGES
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-08-05 10:00:10 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-08-05 10:00:10 +0000
commit3204e211a1e248154ff95b90b6a7e29cfa92069c (patch)
tree79f901498145b63bf34e9981a013f3d9b52eafc2 /CHANGES
parentAdding upstream version 2.4.61. (diff)
downloadapache2-3204e211a1e248154ff95b90b6a7e29cfa92069c.tar.xz
apache2-3204e211a1e248154ff95b90b6a7e29cfa92069c.zip
Adding upstream version 2.4.62.upstream/2.4.62upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--CHANGES34
1 files changed, 33 insertions, 1 deletions
diff --git a/CHANGES b/CHANGES
index eea1e55..cd86fe7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,38 @@
-*- coding: utf-8 -*-
+Changes with Apache 2.4.62
+
+ *) mod_proxy: Fix canonicalisation and FCGI env (PATH_INFO, SCRIPT_NAME) for
+ "balancer:" URLs set via SetHandler, also allowing for "unix:" sockets
+ with BalancerMember(s). PR 69168. [Yann Ylavic]
+
+ *) mod_proxy: Avoid AH01059 parsing error for SetHandler "unix:" URLs.
+ PR 69160 [Yann Ylavic]
+
+ *) mod_ssl: Fix crashes in PKCS#11 ENGINE support with OpenSSL 3.2.
+ [Joe Orton]
+
+ *) mod_ssl: Add support for loading certs/keys from pkcs11: URIs
+ via OpenSSL 3.x providers. [Ingo Franzki <ifranzki linux.ibm.com>]
+
+ *) mod_ssl: Restore SSL dumping on trace7 loglevel with OpenSSL >= 3.0.
+ [Ruediger Pluem, Yann Ylavic]
+
+ *) mpm_worker: Fix possible warning (AH00045) about children processes not
+ terminating timely. [Yann Ylavic]
+
Changes with Apache 2.4.61
+ *) SECURITY: CVE-2024-39884: Apache HTTP Server: source code
+ disclosure with handlers configured via AddType (cve.mitre.org)
+ A regression in the core of Apache HTTP Server 2.4.60 ignores
+ some use of the legacy content-type based configuration of
+ handlers. "AddType" and similar configuration, under some
+ circumstances where files are requested indirectly, result in
+ source code disclosure of local content. For example, PHP
+ scripts may be served instead of interpreted.
+ Users are recommended to upgrade to version 2.4.61, which fixes
+ this issue.
+
Changes with Apache 2.4.60
*) SECURITY: CVE-2024-39573: Apache HTTP Server: mod_rewrite proxy
@@ -67,7 +99,7 @@ Changes with Apache 2.4.60
crafted requests.
Credits: Orange Tsai (@orange_8361) from DEVCORE
- *) SECURITY: CVE-2024-38472: Apache HTTP Server on WIndows UNC SSRF
+ *) SECURITY: CVE-2024-38472: Apache HTTP Server on Windows UNC SSRF
(cve.mitre.org)
SSRF in Apache HTTP Server on Windows allows to potentially leak
NTML hashes to a malicious server via SSRF and malicious