You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2014/09/02 07:14:17 UTC
svn commit: r1621918 - in /httpd/site/trunk/content: download.mdtext
index.mdtext security/vulnerabilities_13.sh security/vulnerabilities_20.sh
security_report.mdtext
Author: wrowe
Date: Tue Sep 2 05:14:16 2014
New Revision: 1621918
URL: http://svn.apache.org/r1621918
Log:
Prep 2.2.29 release datum. Excise all 2.0 references, and 1.3/2.0 security
pages which are simply not maintained. I claim this on the basis that none
of the security issues impacting 2.2 corrected in 2.2.29 are noted in the
security .xml crosstab yet, so even shipping flavors aren't kept current.
Will clean out www.a.o/dist/httpd of 2.0 artifacts in a couple days after
the main site is synced. These remain available, as noted in /download,
from the archive site.
Please do -not- update the site for the next 18-24 hrs, tyia.
Removed:
httpd/site/trunk/content/security/vulnerabilities_13.sh
httpd/site/trunk/content/security/vulnerabilities_20.sh
Modified:
httpd/site/trunk/content/download.mdtext
httpd/site/trunk/content/index.mdtext
httpd/site/trunk/content/security_report.mdtext
Modified: httpd/site/trunk/content/download.mdtext
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/download.mdtext?rev=1621918&r1=1621917&r2=1621918&view=diff
==============================================================================
--- httpd/site/trunk/content/download.mdtext (original)
+++ httpd/site/trunk/content/download.mdtext Tue Sep 2 05:14:16 2014
@@ -23,9 +23,9 @@ mirrors. You **must** [verify the integ
files using signatures downloaded from our main distribution directory.
Only current recommended releases are available on the main distribution
-site and its mirrors. Older releases, including the 1.3 family of releases,
-are available from the [archive download
-site.](http://archive.apache.org/dist/httpd/)
+site and its mirrors. Older releases, including the 1.3 and 2.0 families
+of releases, are available from the
+[archive download site](http://archive.apache.org/dist/httpd/).
Stable Release - Latest Version:
@@ -33,11 +33,7 @@ Stable Release - Latest Version:
Legacy Release - 2.2 Branch:
-- [2.2.27](#apache22) (released 2014-03-26)
-
-Historical Release:
-
-- [2.0.65](#apache20) (released 2013-07-09)
+- [2.2.29](#apache22) (released 2014-03-26)
If you are downloading the Win32 distribution, please read these [important
notes]([preferred]/httpd/binaries/win32/README.html).
@@ -87,15 +83,15 @@ the [CHANGES_2.4]([preferred]/httpd/CHAN
- [Other files]([preferred]/httpd/)
-# Apache HTTP Server 2.2.27 (httpd) <span>2014-03-26</span> # {#apache22}
+# Apache HTTP Server 2.2.29 (httpd) <span>2014-09-02</span> # {#apache22}
The Apache HTTP Server Project is pleased to announce the release of Apache
-HTTP Server (httpd) version 2.2.27.
+HTTP Server (httpd) version 2.2.29.
For details see the [Official
Announcement](http://www.apache.org/dist/httpd/Announcement2.2.html) and
the [CHANGES_2.2]([preferred]/httpd/CHANGES_2.2) or condensed
-[CHANGES_2.2.27]([preferred]/httpd/CHANGES_2.2.27) lists
+[CHANGES_2.2.29]([preferred]/httpd/CHANGES_2.2.29) lists
Add-in modules for Apache 2.0 are not compatible with Apache 2.2. If you
are running third party add-in modules, you must obtain modules compiled or
@@ -103,16 +99,16 @@ updated for Apache 2.2 from that third p
from these previous versions. Modules compiled for Apache 2.2 should
continue to work for all 2.2.x releases.
-- Source: [httpd-2.2.27.tar.gz]([preferred]/httpd/httpd-2.2.27.tar.gz)
-[ [PGP](http://www.apache.org/dist/httpd/httpd-2.2.27.tar.gz.asc) ] [
-[MD5](http://www.apache.org/dist/httpd/httpd-2.2.27.tar.gz.md5) ] [
-[SHA1](http://www.apache.org/dist/httpd/httpd-2.2.27.tar.gz.sha1) ]
+- Source: [httpd-2.2.29.tar.gz]([preferred]/httpd/httpd-2.2.29.tar.gz)
+[ [PGP](http://www.apache.org/dist/httpd/httpd-2.2.29.tar.gz.asc) ] [
+[MD5](http://www.apache.org/dist/httpd/httpd-2.2.29.tar.gz.md5) ] [
+[SHA1](http://www.apache.org/dist/httpd/httpd-2.2.29.tar.gz.sha1) ]
- Source:
-[httpd-2.2.27.tar.bz2]([preferred]/httpd/httpd-2.2.27.tar.bz2) [
-[PGP](http://www.apache.org/dist/httpd/httpd-2.2.27.tar.bz2.asc) ] [
-[MD5](http://www.apache.org/dist/httpd/httpd-2.2.27.tar.bz2.md5) ] [
-[SHA1](http://www.apache.org/dist/httpd/httpd-2.2.27.tar.bz2.sha1) ]
+[httpd-2.2.29.tar.bz2]([preferred]/httpd/httpd-2.2.29.tar.bz2) [
+[PGP](http://www.apache.org/dist/httpd/httpd-2.2.29.tar.bz2.asc) ] [
+[MD5](http://www.apache.org/dist/httpd/httpd-2.2.29.tar.bz2.md5) ] [
+[SHA1](http://www.apache.org/dist/httpd/httpd-2.2.29.tar.bz2.sha1) ]
- [Binaries]([preferred]/httpd/binaries/)
@@ -120,76 +116,11 @@ continue to work for all 2.2.x releases.
- [Other files]([preferred]/httpd/)
-# Apache HTTP Server 2.0.65 Final is also available <span>2013-07-09</span> # {#apache20}
-
-Apache 2.0.65 is the final historical release of the 2.0 series, and is
-recommended over any previous 2.0 release. No further releases will occur, and
-all users are directed to install stable 2.4 or legacy 2.2 releases instead.
-This release fixes a few potential security vulnerabilites.
-
-For details see the [Official
-Announcement](http://www.apache.org/dist/httpd/Announcement2.0.html) and
-the [CHANGES_2.0]([preferred]/httpd/CHANGES_2.0) and
-[CHANGES_2.0.65]([preferred]/httpd/CHANGES_2.0.65) lists.
-
-Apache 2.0 add-in modules are not compatible with Apache 2.2 modules. If
-you are running third party add-in modules, you will need to obtain modules
-compiled for or compatible with Apache 2.0 from that third party, before
-you attempt to use this specific release.
-
-- Source: [httpd-2.0.65.tar.gz]([preferred]/httpd/httpd-2.0.65.tar.gz)
-[ [PGP](http://www.apache.org/dist/httpd/httpd-2.0.65.tar.gz.asc) ] [
-[MD5](http://www.apache.org/dist/httpd/httpd-2.0.65.tar.gz.md5) ]
-
-- Source:
-[httpd-2.0.65.tar.bz2]([preferred]/httpd/httpd-2.0.65.tar.bz2) [
-[PGP](http://www.apache.org/dist/httpd/httpd-2.0.65.tar.bz2.asc) ] [
-[MD5](http://www.apache.org/dist/httpd/httpd-2.0.65.tar.bz2.md5) ]
-
-- Win32 Source:
-[httpd-2.0.65-win32-src.zip]([preferred]/httpd/httpd-2.0.65-win32-src.zip)
-[ [PGP](http://www.apache.org/dist/httpd/httpd-2.0.65-win32-src.zip.asc) ]
-[ [MD5](http://www.apache.org/dist/httpd/httpd-2.0.65-win32-src.zip.md5) ]
-
-- Win32 Binary without crypto (no mod_ssl) (MSI Installer):
-[httpd-2.0.65-win32-x86-no_ssl.msi]([preferred]/httpd/binaries/win32/httpd-2.0.65-win32-x86-no_ssl.msi)
-[
-[PGP](http://www.apache.org/dist/httpd/binaries/win32/httpd-2.0.65-win32-x86-no_ssl.msi.asc)
-] [
-[MD5](http://www.apache.org/dist/httpd/binaries/win32/httpd-2.0.65-win32-x86-no_ssl.msi.md5)
-] [
-[SHA1](http://www.apache.org/dist/httpd/binaries/win32/httpd-2.0.65-win32-x86-no_ssl.msi.sha1)
-]
-
-- Win32 Binary including OpenSSL 0.9.8y (MSI Installer):
-[httpd-2.0.65-win32-x86-openssl-0.9.8y.msi]([preferred]/httpd/binaries/win32/httpd-2.0.65-win32-x86-openssl-0.9.8y.msi)
-[
-[PGP](http://www.apache.org/dist/httpd/binaries/win32/httpd-2.0.65-win32-x86-openssl-0.9.8y.msi.asc)
-] [
-[MD5](http://www.apache.org/dist/httpd/binaries/win32/httpd-2.0.65-win32-x86-openssl-0.9.8y.msi.md5)
-] [
-[SHA1](http://www.apache.org/dist/httpd/binaries/win32/httpd-2.0.65-win32-x86-openssl-0.9.8y.msi.sha1)
-]
-
-- NetWare Binary:
-[apache_2.0.65-netware.zip]([preferred]/httpd/binaries/netware/apache_2.0.65-netware.zip)
-[
-[PGP](http://www.apache.org/dist/httpd/binaries/netware/apache_2.0.65-netware.zip.asc)
-] [
-[MD5](http://www.apache.org/dist/httpd/binaries/netware/apache_2.0.65-netware.zip.md5)
-] [
-[SHA1](http://www.apache.org/dist/httpd/binaries/netware/apache_2.0.65-netware.zip.sha1)
-]
-
-- [Security and official patches]([preferred]/httpd/patches/)
-
-- [Other files]([preferred]/httpd/)
-
# Apache mod_fcgid FastCGI module for Apache HTTP Server released as 2.3.9 <span>2013-10-08</span> # {#mod_fcgid}
The Apache Software Foundation and the Apache HTTP Server Project are
pleased to announce the release of version 2.3.9 of mod_fcgid, a FastCGI
-implementation for Apache HTTP Server versions 2.0, 2.2, and 2.4. This
+implementation for Apache HTTP Server versions 2.2 and 2.4. This
version of mod_fcgid is a security release.
For information about this module subproject, see the [mod_fcgid module
@@ -294,17 +225,10 @@ KEYS<br></br>% gpg --verify httpd-2.2.0.
- httpd-2.4.10.tar.* are signed by Jim Jagielski `791485A8`
-- httpd-2.2.27.tar.* are signed by William A Rowe Jr `9088F565(7F7214A7)`
-
-- httpd-2.0.65.tar.* are signed by William A Rowe Jr `9088F565(7F7214A7)`
+- httpd-2.2.29.tar.* are signed by William A Rowe Jr `9088F565(7F7214A7)`
- httpd_2.4.10-netware-*.zip signed by Guenter Knauf `E55B0D0E(31D9665F)`
-- httpd-2.0.65-win32-src.zip and .msi signed by William A Rowe Jr
-`9088F565(7F7214A7)`
-
-- apache_2.0.65-netware-*.zip signed by Guenter Knauf `E55B0D0E(CB11FC40)`
-
- mod_fcgid-2.3.9.tar.* and mod_fcgid-2.3.9-crlf.zip are signed by Jeff
Trawick `39FF092C`
Modified: httpd/site/trunk/content/index.mdtext
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/index.mdtext?rev=1621918&r1=1621917&r2=1621918&view=diff
==============================================================================
--- httpd/site/trunk/content/index.mdtext (original)
+++ httpd/site/trunk/content/index.mdtext Tue Sep 2 05:14:16 2014
@@ -51,11 +51,11 @@ Parser, and a Small Object Caching API.
2.4](http://www.apache.org/dist/httpd/CHANGES_2.4) | [ChangeLog for just
2.4.10](http://www.apache.org/dist/httpd/CHANGES_2.4.10) # {.centered}
-# Apache httpd 2.2.27 Released <span>2014-03-26</span>
+# Apache httpd 2.2.29 Released <span>2014-09-02</span>
The Apache HTTP Server Project is proud to
[announce](http://www.apache.org/dist/httpd/Announcement2.2.html) the
-release of version 2.2.27 of the Apache HTTP Server ("httpd"). This version
-is principally a bugfix release.
+release of version 2.2.29 of the Apache HTTP Server ("httpd"). This version
+is a security and bugfix release.
This version of httpd is a major release of the 2.2 legacy branch. [New
features](docs/2.2/new_features_2_2.html) include Smart Filtering, Improved
@@ -64,29 +64,9 @@ File Support, the Event MPM, and refacto
[Download](download.cgi) | [New Features in httpd
2.2](docs/2.2/new_features_2_2.html) | [ChangeLog for
-2.2.27](http://www.apache.org/dist/httpd/CHANGES_2.2.27) | [Complete
+2.2.29](http://www.apache.org/dist/httpd/CHANGES_2.2.29) | [Complete
ChangeLog for 2.2](http://www.apache.org/dist/httpd/CHANGES_2.2) # {.centered}
-# Apache httpd 2.0.65 Released and Retired<span>2013-07-09</span>
-The Apache HTTP Server Project has ended legacy development of the 2.0 legacy
-branch, and [announces](http://www.apache.org/dist/httpd/Announcement2.0.html)
-the conclusive, historical release of version 2.0.65 of Apache HTTP Server
-("httpd"). No further releases will occur for the 2.0 version family.
-
-This version of httpd represents the last security and bugfix release of 2.0,
-although it is by no means all-inclusive of either security nor bug fixes. The
-Apache HTTP Project developers strongly encourage all users to finish their
-migrations to stable version 2.4 or the legacy version 2.2 for additional,
-important updates.
-
-For further details, see the
-[announcement](http://www.apache.org/dist/httpd/Announcement2.0.html).
-
-[Download](download.cgi) | [New Features in httpd
-2.0](docs/2.0/new_features_2_0.html) | [ChangeLog for
-2.0.65](http://www.apache.org/dist/httpd/CHANGES_2.0.65) | [Complete
-ChangeLog for 2.0](http://www.apache.org/dist/httpd/CHANGES_2.0) # {.centered}
-
# Want to try out the Apache HTTP Server?
Great! We have updated our [download page](/download.cgi) in an effort to
better utilize our mirrors. We hope that by making it easier to use our
Modified: httpd/site/trunk/content/security_report.mdtext
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security_report.mdtext?rev=1621918&r1=1621917&r2=1621918&view=diff
==============================================================================
--- httpd/site/trunk/content/security_report.mdtext (original)
+++ httpd/site/trunk/content/security_report.mdtext Tue Sep 2 05:14:16 2014
@@ -25,10 +25,6 @@ Server are available:
- [Apache 2.2 Security Vulnerabilities](/security/vulnerabilities_22.html)
-- [Apache 2.0 Security Vulnerabilities](/security/vulnerabilities_20.html)
-
-- [Apache 1.3 Security Vulnerabilities](/security/vulnerabilities_13.html)
-
To get notification of when new security issues are fixed, join the [Apache
HTTP Server Announcements
list](http://httpd.apache.org/lists.html#http-announce)