You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by William A Rowe Jr <wr...@rowe-clan.net> on 2017/10/25 22:46:14 UTC

Re: [users@httpd] RE: [ANNOUNCE] Apache HTTP Server 2.4.29 Released

Actually, that was in APR-util 1.6.1, see the APR release announcement
and Craig's
users@httpd post.



On Wed, Oct 25, 2017 at 4:02 PM, Craig Young <cy...@tripwire.com> wrote:
> I’m not sure if this is what is referred to in the Apache 2.4.29 announcement, but please note that the Apache Portable Runtime v1.6.3 release resolved memory safety issues I found in functions used within HTTP server.  This was released in conjunction with 2.4.29.
>
> Using HTTP server linked to prior versions of APR exposes the risks outlined in my email sent to this list on Monday.
>
> Best Regards,
> Craig
>
> On 10/25/17, 1:05 PM, "Development Manager" <de...@speedlinesolutions.com> wrote:
>
>     The 2.4.29 changes document doesn't reference any CVE articles, though the announcement indicates that this is a security release. Are any of the 2.4.29 changes security related?
>
>     Thanks,
>     Jim
>
>     ---------------------------------------------------------------------
>     To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>     For additional commands, e-mail: users-help@httpd.apache.org
>
>
>