You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2014/09/02 07:14:17 UTC

svn commit: r1621918 - in /httpd/site/trunk/content: download.mdtext index.mdtext security/vulnerabilities_13.sh security/vulnerabilities_20.sh security_report.mdtext

Author: wrowe
Date: Tue Sep  2 05:14:16 2014
New Revision: 1621918

URL: http://svn.apache.org/r1621918
Log:

  Prep 2.2.29 release datum.  Excise all 2.0 references, and 1.3/2.0 security
  pages which are simply not maintained.  I claim this on the basis that none
  of the security issues impacting 2.2 corrected in 2.2.29 are noted in the
  security .xml crosstab yet, so even shipping flavors aren't kept current.

  Will clean out www.a.o/dist/httpd of 2.0 artifacts in a couple days after
  the main site is synced.  These remain available, as noted in /download,
  from the archive site.

  Please do -not- update the site for the next 18-24 hrs, tyia.


Removed:
    httpd/site/trunk/content/security/vulnerabilities_13.sh
    httpd/site/trunk/content/security/vulnerabilities_20.sh
Modified:
    httpd/site/trunk/content/download.mdtext
    httpd/site/trunk/content/index.mdtext
    httpd/site/trunk/content/security_report.mdtext

Modified: httpd/site/trunk/content/download.mdtext
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/download.mdtext?rev=1621918&r1=1621917&r2=1621918&view=diff
==============================================================================
--- httpd/site/trunk/content/download.mdtext (original)
+++ httpd/site/trunk/content/download.mdtext Tue Sep  2 05:14:16 2014
@@ -23,9 +23,9 @@ mirrors. You **must**  [verify the integ
 files using signatures downloaded from our main distribution directory.
 
 Only current recommended releases are available on the main distribution
-site and its mirrors. Older releases, including the 1.3 family of releases,
-are available from the [archive download
-site.](http://archive.apache.org/dist/httpd/) 
+site and its mirrors. Older releases, including the 1.3 and 2.0 families
+of releases, are available from the 
+[archive download site](http://archive.apache.org/dist/httpd/). 
 
 Stable Release - Latest Version:
 
@@ -33,11 +33,7 @@ Stable Release - Latest Version:
 
 Legacy Release - 2.2 Branch:
 
--  [2.2.27](#apache22) (released 2014-03-26)
-
-Historical Release:
-
--  [2.0.65](#apache20) (released 2013-07-09)
+-  [2.2.29](#apache22) (released 2014-03-26)
 
 If you are downloading the Win32 distribution, please read these [important
 notes]([preferred]/httpd/binaries/win32/README.html).
@@ -87,15 +83,15 @@ the [CHANGES_2.4]([preferred]/httpd/CHAN
 
 -  [Other files]([preferred]/httpd/) 
 
-# Apache HTTP Server 2.2.27 (httpd) <span>2014-03-26</span> # {#apache22}
+# Apache HTTP Server 2.2.29 (httpd) <span>2014-09-02</span> # {#apache22}
 
 The Apache HTTP Server Project is pleased to announce the release of Apache
-HTTP Server (httpd) version 2.2.27.
+HTTP Server (httpd) version 2.2.29.
 
 For details see the [Official
 Announcement](http://www.apache.org/dist/httpd/Announcement2.2.html) and
 the [CHANGES_2.2]([preferred]/httpd/CHANGES_2.2) or condensed
-[CHANGES_2.2.27]([preferred]/httpd/CHANGES_2.2.27) lists
+[CHANGES_2.2.29]([preferred]/httpd/CHANGES_2.2.29) lists
 
 Add-in modules for Apache 2.0 are not compatible with Apache 2.2. If you
 are running third party add-in modules, you must obtain modules compiled or
@@ -103,16 +99,16 @@ updated for Apache 2.2 from that third p
 from these previous versions. Modules compiled for Apache 2.2 should
 continue to work for all 2.2.x releases.
 
-- Source: [httpd-2.2.27.tar.gz]([preferred]/httpd/httpd-2.2.27.tar.gz)
-[ [PGP](http://www.apache.org/dist/httpd/httpd-2.2.27.tar.gz.asc) ] [
-[MD5](http://www.apache.org/dist/httpd/httpd-2.2.27.tar.gz.md5) ] [
-[SHA1](http://www.apache.org/dist/httpd/httpd-2.2.27.tar.gz.sha1) ]
+- Source: [httpd-2.2.29.tar.gz]([preferred]/httpd/httpd-2.2.29.tar.gz)
+[ [PGP](http://www.apache.org/dist/httpd/httpd-2.2.29.tar.gz.asc) ] [
+[MD5](http://www.apache.org/dist/httpd/httpd-2.2.29.tar.gz.md5) ] [
+[SHA1](http://www.apache.org/dist/httpd/httpd-2.2.29.tar.gz.sha1) ]
 
 - Source:
-[httpd-2.2.27.tar.bz2]([preferred]/httpd/httpd-2.2.27.tar.bz2) [
-[PGP](http://www.apache.org/dist/httpd/httpd-2.2.27.tar.bz2.asc) ] [
-[MD5](http://www.apache.org/dist/httpd/httpd-2.2.27.tar.bz2.md5) ] [
-[SHA1](http://www.apache.org/dist/httpd/httpd-2.2.27.tar.bz2.sha1) ]
+[httpd-2.2.29.tar.bz2]([preferred]/httpd/httpd-2.2.29.tar.bz2) [
+[PGP](http://www.apache.org/dist/httpd/httpd-2.2.29.tar.bz2.asc) ] [
+[MD5](http://www.apache.org/dist/httpd/httpd-2.2.29.tar.bz2.md5) ] [
+[SHA1](http://www.apache.org/dist/httpd/httpd-2.2.29.tar.bz2.sha1) ]
 
 - [Binaries]([preferred]/httpd/binaries/) 
 
@@ -120,76 +116,11 @@ continue to work for all 2.2.x releases.
 
 -  [Other files]([preferred]/httpd/) 
 
-# Apache HTTP Server 2.0.65 Final is also available <span>2013-07-09</span> # {#apache20}
-
-Apache 2.0.65 is the final historical release of the 2.0 series, and is
-recommended over any previous 2.0 release. No further releases will occur, and
-all users are directed to install stable 2.4 or legacy 2.2 releases instead.
-This release fixes a few potential security vulnerabilites.
-
-For details see the [Official
-Announcement](http://www.apache.org/dist/httpd/Announcement2.0.html) and
-the [CHANGES_2.0]([preferred]/httpd/CHANGES_2.0) and
-[CHANGES_2.0.65]([preferred]/httpd/CHANGES_2.0.65) lists.
-
-Apache 2.0 add-in modules are not compatible with Apache 2.2 modules. If
-you are running third party add-in modules, you will need to obtain modules
-compiled for or compatible with Apache 2.0 from that third party, before
-you attempt to use this specific release.
-
-- Source: [httpd-2.0.65.tar.gz]([preferred]/httpd/httpd-2.0.65.tar.gz)
-[ [PGP](http://www.apache.org/dist/httpd/httpd-2.0.65.tar.gz.asc) ] [
-[MD5](http://www.apache.org/dist/httpd/httpd-2.0.65.tar.gz.md5) ]
-
-- Source:
-[httpd-2.0.65.tar.bz2]([preferred]/httpd/httpd-2.0.65.tar.bz2) [
-[PGP](http://www.apache.org/dist/httpd/httpd-2.0.65.tar.bz2.asc) ] [
-[MD5](http://www.apache.org/dist/httpd/httpd-2.0.65.tar.bz2.md5) ]
-
-- Win32 Source:
-[httpd-2.0.65-win32-src.zip]([preferred]/httpd/httpd-2.0.65-win32-src.zip)
-[ [PGP](http://www.apache.org/dist/httpd/httpd-2.0.65-win32-src.zip.asc) ]
-[ [MD5](http://www.apache.org/dist/httpd/httpd-2.0.65-win32-src.zip.md5) ]
-
-- Win32 Binary without crypto (no mod_ssl) (MSI Installer):
-[httpd-2.0.65-win32-x86-no_ssl.msi]([preferred]/httpd/binaries/win32/httpd-2.0.65-win32-x86-no_ssl.msi)
-[
-[PGP](http://www.apache.org/dist/httpd/binaries/win32/httpd-2.0.65-win32-x86-no_ssl.msi.asc)
-] [
-[MD5](http://www.apache.org/dist/httpd/binaries/win32/httpd-2.0.65-win32-x86-no_ssl.msi.md5)
-] [
-[SHA1](http://www.apache.org/dist/httpd/binaries/win32/httpd-2.0.65-win32-x86-no_ssl.msi.sha1)
-]
-
-- Win32 Binary including OpenSSL 0.9.8y (MSI Installer):
-[httpd-2.0.65-win32-x86-openssl-0.9.8y.msi]([preferred]/httpd/binaries/win32/httpd-2.0.65-win32-x86-openssl-0.9.8y.msi)
-[
-[PGP](http://www.apache.org/dist/httpd/binaries/win32/httpd-2.0.65-win32-x86-openssl-0.9.8y.msi.asc)
-] [
-[MD5](http://www.apache.org/dist/httpd/binaries/win32/httpd-2.0.65-win32-x86-openssl-0.9.8y.msi.md5)
-] [
-[SHA1](http://www.apache.org/dist/httpd/binaries/win32/httpd-2.0.65-win32-x86-openssl-0.9.8y.msi.sha1)
-]
-
-- NetWare Binary:
-[apache_2.0.65-netware.zip]([preferred]/httpd/binaries/netware/apache_2.0.65-netware.zip)
-[
-[PGP](http://www.apache.org/dist/httpd/binaries/netware/apache_2.0.65-netware.zip.asc)
-] [
-[MD5](http://www.apache.org/dist/httpd/binaries/netware/apache_2.0.65-netware.zip.md5)
-] [
-[SHA1](http://www.apache.org/dist/httpd/binaries/netware/apache_2.0.65-netware.zip.sha1)
-]
-
--  [Security and official patches]([preferred]/httpd/patches/) 
-
--  [Other files]([preferred]/httpd/) 
-
 # Apache mod_fcgid FastCGI module for Apache HTTP Server released as 2.3.9 <span>2013-10-08</span> # {#mod_fcgid}
 
 The Apache Software Foundation and the Apache HTTP Server Project are
 pleased to announce the release of version 2.3.9 of mod_fcgid, a FastCGI
-implementation for Apache HTTP Server versions 2.0, 2.2, and 2.4.  This
+implementation for Apache HTTP Server versions 2.2 and 2.4.  This
 version of mod_fcgid is a security release.
 
 For information about this module subproject, see the [mod_fcgid module
@@ -294,17 +225,10 @@ KEYS<br></br>% gpg --verify httpd-2.2.0.
 
 - httpd-2.4.10.tar.* are signed by Jim Jagielski `791485A8` 
 
-- httpd-2.2.27.tar.* are signed by William A Rowe Jr `9088F565(7F7214A7)` 
-
-- httpd-2.0.65.tar.* are signed by William A Rowe Jr `9088F565(7F7214A7)` 
+- httpd-2.2.29.tar.* are signed by William A Rowe Jr `9088F565(7F7214A7)` 
 
 - httpd_2.4.10-netware-*.zip signed by Guenter Knauf `E55B0D0E(31D9665F)` 
 
-- httpd-2.0.65-win32-src.zip and .msi signed by William A Rowe Jr
-`9088F565(7F7214A7)` 
-
-- apache_2.0.65-netware-*.zip signed by Guenter Knauf `E55B0D0E(CB11FC40)` 
-
 - mod_fcgid-2.3.9.tar.* and mod_fcgid-2.3.9-crlf.zip are signed by Jeff
 Trawick `39FF092C` 
 

Modified: httpd/site/trunk/content/index.mdtext
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/index.mdtext?rev=1621918&r1=1621917&r2=1621918&view=diff
==============================================================================
--- httpd/site/trunk/content/index.mdtext (original)
+++ httpd/site/trunk/content/index.mdtext Tue Sep  2 05:14:16 2014
@@ -51,11 +51,11 @@ Parser, and a Small Object Caching API.
 2.4](http://www.apache.org/dist/httpd/CHANGES_2.4) | [ChangeLog for just
 2.4.10](http://www.apache.org/dist/httpd/CHANGES_2.4.10) # {.centered}
 
-# Apache httpd 2.2.27 Released <span>2014-03-26</span>
+# Apache httpd 2.2.29 Released <span>2014-09-02</span>
 The Apache HTTP Server Project is proud to
 [announce](http://www.apache.org/dist/httpd/Announcement2.2.html) the
-release of version 2.2.27 of the Apache HTTP Server ("httpd"). This version
-is principally a bugfix release.
+release of version 2.2.29 of the Apache HTTP Server ("httpd"). This version
+is a security and bugfix release.
 
 This version of httpd is a major release of the 2.2 legacy branch. [New
 features](docs/2.2/new_features_2_2.html) include Smart Filtering, Improved
@@ -64,29 +64,9 @@ File Support, the Event MPM, and refacto
 
 [Download](download.cgi) | [New Features in httpd
 2.2](docs/2.2/new_features_2_2.html) | [ChangeLog for
-2.2.27](http://www.apache.org/dist/httpd/CHANGES_2.2.27) | [Complete
+2.2.29](http://www.apache.org/dist/httpd/CHANGES_2.2.29) | [Complete
 ChangeLog for 2.2](http://www.apache.org/dist/httpd/CHANGES_2.2) # {.centered}
 
-# Apache httpd 2.0.65 Released and Retired<span>2013-07-09</span>
-The Apache HTTP Server Project has ended legacy development of the 2.0 legacy
-branch, and [announces](http://www.apache.org/dist/httpd/Announcement2.0.html)
-the conclusive, historical release of version 2.0.65 of Apache HTTP Server 
-("httpd").  No further releases will occur for the 2.0 version family.
-
-This version of httpd represents the last security and bugfix release of 2.0,
-although it is by no means all-inclusive of either security nor bug fixes. The
-Apache HTTP Project developers strongly encourage all users to finish their
-migrations to stable version 2.4 or the legacy version 2.2 for additional,
-important updates.
-
-For further details, see the
-[announcement](http://www.apache.org/dist/httpd/Announcement2.0.html).
-
-[Download](download.cgi) | [New Features in httpd
-2.0](docs/2.0/new_features_2_0.html) | [ChangeLog for
-2.0.65](http://www.apache.org/dist/httpd/CHANGES_2.0.65) | [Complete
-ChangeLog for 2.0](http://www.apache.org/dist/httpd/CHANGES_2.0) # {.centered}
-
 # Want to try out the Apache HTTP Server? 
 Great! We have updated our [download page](/download.cgi) in an effort to
 better utilize our mirrors. We hope that by making it easier to use our

Modified: httpd/site/trunk/content/security_report.mdtext
URL: http://svn.apache.org/viewvc/httpd/site/trunk/content/security_report.mdtext?rev=1621918&r1=1621917&r2=1621918&view=diff
==============================================================================
--- httpd/site/trunk/content/security_report.mdtext (original)
+++ httpd/site/trunk/content/security_report.mdtext Tue Sep  2 05:14:16 2014
@@ -25,10 +25,6 @@ Server are available:
 
 -  [Apache 2.2 Security Vulnerabilities](/security/vulnerabilities_22.html) 
 
--  [Apache 2.0 Security Vulnerabilities](/security/vulnerabilities_20.html) 
-
--  [Apache 1.3 Security Vulnerabilities](/security/vulnerabilities_13.html) 
-
 To get notification of when new security issues are fixed, join the [Apache
 HTTP Server Announcements
 list](http://httpd.apache.org/lists.html#http-announce)