Posted to cvs@httpd.apache.org by ji...@apache.org on 2008/10/14 19:19:08 UTC

svn commit: r704583 - in /httpd/site/trunk: dist/Announcement2.2.html dist/Announcement2.2.txt xdocs/download.xml xdocs/index.xml

Author: jim
Date: Tue Oct 14 10:19:08 2008
New Revision: 704583

URL: http://svn.apache.org/viewvc?rev=704583&view=rev
Log:
Change for 2.2.10

Modified:
    httpd/site/trunk/dist/Announcement2.2.html
    httpd/site/trunk/dist/Announcement2.2.txt
    httpd/site/trunk/xdocs/download.xml
    httpd/site/trunk/xdocs/index.xml

Modified: httpd/site/trunk/dist/Announcement2.2.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/dist/Announcement2.2.html?rev=704583&r1=704582&r2=704583&view=diff
==============================================================================
--- httpd/site/trunk/dist/Announcement2.2.html (original)
+++ httpd/site/trunk/dist/Announcement2.2.html Tue Oct 14 10:19:08 2008
@@ -14,10 +14,10 @@
 >
 <img src="../../images/apache_sub.gif" alt="">
 
-<h1>Apache HTTP Server 2.2.9 Released</h1>
+<h1>Apache HTTP Server 2.2.10 Released</h1>
 
 <p>The Apache Software Foundation and the Apache HTTP Server Project are
-pleased to announce the release of version 2.2.9 of the Apache HTTP Server
+pleased to announce the release of version 2.2.10 of the Apache HTTP Server
 ("Apache").</p>
 
 <p>This version of Apache is principally a bug and security fix release.
@@ -26,17 +26,10 @@
 
 <ul>
 <li><a
- href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364">CVE-2008-2364:</a>
- mod_proxy_http: Better handling of excessive interim responses
- from origin server to prevent potential denial of service and high
- memory usage. Reported by Ryujiro Shibuya.
-</li>
-
-<li><a
- href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6420">CVE-2007-6420:</a>
- mod_proxy_balancer: Prevent CSRF attacks against the balancer-manager
- interface. 
-</li>
+ href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939">CVE-2008-2939:</a>
+ mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
+ the FTP URL. Discovered by Marc Bevand of Rapid7.
+ </li>
 
 </ul>
 
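Review bot: The new CVE-2008-2939 item does not say which deployments are exposed. The entry already names mod_proxy_ftp, so a short clause stating that the issue concerns servers proxying FTP URLs through that module would let administrators judge upgrade urgency without following the CVE link. Minor style point: the added closing tag is written " </li>" with a leading space, where the removed items closed with "</li>" at the start of the line.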
@@ -45,7 +38,7 @@
 encourage users of all prior versions to upgrade.
 </p>
 
-<p>Apache HTTP Server 2.2.9 is available for download from:</p>
+<p>Apache HTTP Server 2.2.10 is available for download from:</p>
 <dl>
   <dd><a href="http://httpd.apache.org/download.cgi"
               >http://httpd.apache.org/download.cgi</a></dd>
@@ -64,10 +57,10 @@
 
 <p>
 Please see the CHANGES_2.2 file, linked from the download page, for a
-full list of changes.  A condensed list, CHANGES_2.2.9 provides the
-complete list of changes since 2.2.8.
+full list of changes.  A condensed list, CHANGES_2.2.10 provides the
+complete list of changes since 2.2.9.
 A summary of security vulnerabilities
-which were  addressed in the previous 2.2.8 and earlier releases is available:
+which were  addressed in the previous 2.2.9 and earlier releases is available:
 <dl>
   <dd><a href="http://httpd.apache.org/security/vulnerabilities_22.html"
               >http://httpd.apache.org/security/vulnerabilities_22.html</a>
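Review bot: The changed sentence now sends readers to vulnerabilities_22.html for everything fixed in "2.2.9 and earlier", which includes the CVE-2008-2364 and CVE-2007-6420 entries this commit removes from the announcement. That page is not among the four files listed as modified here, so please confirm it already carries both entries; otherwise they disappear from the announcement with nowhere to find them. The doubled space in "which were  addressed" on the changed line could also be cleaned up while touching it.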

Modified: httpd/site/trunk/dist/Announcement2.2.txt
URL: http://svn.apache.org/viewvc/httpd/site/trunk/dist/Announcement2.2.txt?rev=704583&r1=704582&r2=704583&view=diff
==============================================================================
--- httpd/site/trunk/dist/Announcement2.2.txt (original)
+++ httpd/site/trunk/dist/Announcement2.2.txt Tue Oct 14 10:19:08 2008
@@ -1,24 +1,18 @@
-                       Apache HTTP Server 2.2.9 Released
+                       Apache HTTP Server 2.2.10 Released
 
    The Apache Software Foundation and the Apache HTTP Server Project are
-   pleased to announce the release of version 2.2.9 of the Apache HTTP Server
+   pleased to announce the release of version 2.2.10 of the Apache HTTP Server
    ("Apache").  This version of Apache is principally a bug and security fix
    release. The following potential security flaws are addressed:
 
-     * CVE-2008-2364 (cve.mitre.org)
-       mod_proxy_http: Better handling of excessive interim responses
-       from origin server to prevent potential denial of service and high
-       memory usage. Reported by Ryujiro Shibuya.
-
-     * CVE-2007-6420 (cve.mitre.org)
-       mod_proxy_balancer: Prevent CSRF attacks against the balancer-manager
-       interface.
-
+     * CVE-2008-2939 (cve.mitre.org)
+       mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
+       the FTP URL. Discovered by Marc Bevand of Rapid7.
 
    We consider this release to be the best version of Apache available, and
    encourage users of all prior versions to upgrade.
 
-   Apache HTTP Server 2.2.9 is available for download from:
+   Apache HTTP Server 2.2.10 is available for download from:
 
      http://httpd.apache.org/download.cgi
 
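Review bot: The unchanged lead-in "The following potential security flaws are addressed:" is plural, but after this change the list holds a single entry, CVE-2008-2939. Either reword the lead-in to the singular or confirm that no other security fix in 2.2.10 belongs in the list.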
@@ -29,9 +23,9 @@
      http://httpd.apache.org/docs/2.2/new_features_2_2.html
 
    Please see the CHANGES_2.2 file, linked from the download page, for a
-   full list of changes.  A condensed list, CHANGES_2.2.9 provides the
-   complete list of changes since 2.2.8. A summary of security vulnerabilities
-   which were addressed in the previous 2.2.8 and earlier releases is available:
+   full list of changes.  A condensed list, CHANGES_2.2.10 provides the
+   complete list of changes since 2.2.9. A summary of security vulnerabilities
+   which were addressed in the previous 2.2.9 and earlier releases is available:
    
      http://httpd.apache.org/security/vulnerabilities_22.html
 

Modified: httpd/site/trunk/xdocs/download.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/download.xml?rev=704583&r1=704582&r2=704583&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/download.xml (original)
+++ httpd/site/trunk/xdocs/download.xml Tue Oct 14 10:19:08 2008
@@ -52,11 +52,11 @@
 
 </section>
 
-<section id="apache22" date="2008-06-13"><title>Apache HTTP Server 2.2.9 
+<section id="apache22" date="2008-06-13"><title>Apache HTTP Server 2.2.10 
 is the best available version</title>
 
 <p>The Apache HTTP Server Project is pleased to announce the release of Apache
-HTTP Server, version 2.2.9.  This release represents ten years of innovation
+HTTP Server, version 2.2.10.  This release represents ten years of innovation
 by the project, and is recommended over all previous releases!  In particular,
 this release fixes a few potential security vulnerabilites.</p>
 
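Review bot: The section element keeps date="2008-06-13" while its title moves to 2.2.10; the index.xml hunk in this same commit changes its section date to 2008-10-14, so the attribute here looks like it was missed. Also, the context paragraph still says the release "fixes a few potential security vulnerabilites" (misspelled), while the updated announcement lists one CVE; worth correcting the spelling and the count in the same pass.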
@@ -64,7 +64,7 @@
    href="http://www.apache.org/dist/httpd/Announcement2.2.html">Official
    Announcement</a> and the <a
    href="[preferred]/httpd/CHANGES_2.2">CHANGES_2.2</a> and
-   <a href="[preferred]/httpd/CHANGES_2.2.9">CHANGES_2.2.9</a> lists</p>
+   <a href="[preferred]/httpd/CHANGES_2.2.10">CHANGES_2.2.10</a> lists</p>
 
 <p>Add-in modules for Apache 1.3 or 2.0 are not compatible with Apache 2.2.
    If you are running third party add-in modules, you must obtain modules
@@ -75,36 +75,36 @@
 <ul>
 
 <li>Unix Source: 
-<a href="[preferred]/httpd/httpd-2.2.9.tar.gz">httpd-2.2.9.tar.gz</a> 
-[<a href="http://www.apache.org/dist/httpd/httpd-2.2.9.tar.gz.asc">PGP</a>]
-[<a href="http://www.apache.org/dist/httpd/httpd-2.2.9.tar.gz.md5">MD5</a>]
+<a href="[preferred]/httpd/httpd-2.2.10.tar.gz">httpd-2.2.10.tar.gz</a> 
+[<a href="http://www.apache.org/dist/httpd/httpd-2.2.10.tar.gz.asc">PGP</a>]
+[<a href="http://www.apache.org/dist/httpd/httpd-2.2.10.tar.gz.md5">MD5</a>]
 </li>
 
 <li>Unix Source: 
-<a href="[preferred]/httpd/httpd-2.2.9.tar.bz2">httpd-2.2.9.tar.bz2</a> 
-[<a href="http://www.apache.org/dist/httpd/httpd-2.2.9.tar.bz2.asc">PGP</a>]
-[<a href="http://www.apache.org/dist/httpd/httpd-2.2.9.tar.bz2.md5">MD5</a>]
+<a href="[preferred]/httpd/httpd-2.2.10.tar.bz2">httpd-2.2.10.tar.bz2</a> 
+[<a href="http://www.apache.org/dist/httpd/httpd-2.2.10.tar.bz2.asc">PGP</a>]
+[<a href="http://www.apache.org/dist/httpd/httpd-2.2.10.tar.bz2.md5">MD5</a>]
 </li>
 
 <li>Win32 Source: 
-<a href="[preferred]/httpd/httpd-2.2.9-win32-src.zip"
-  >httpd-2.2.9-win32-src.zip</a> 
-[<a href="http://www.apache.org/dist/httpd/httpd-2.2.9-win32-src.zip.asc">PGP</a>]
-[<a href="http://www.apache.org/dist/httpd/httpd-2.2.9-win32-src.zip.md5">MD5</a>]
+<a href="[preferred]/httpd/httpd-2.2.10-win32-src.zip"
+  >httpd-2.2.10-win32-src.zip</a> 
+[<a href="http://www.apache.org/dist/httpd/httpd-2.2.10-win32-src.zip.asc">PGP</a>]
+[<a href="http://www.apache.org/dist/httpd/httpd-2.2.10-win32-src.zip.md5">MD5</a>]
 </li>
 
 <li>Win32 Binary without crypto (no mod_ssl) (MSI Installer): 
-<a href="[preferred]/httpd/binaries/win32/apache_2.2.9-win32-x86-no_ssl-r2.msi"
-  >apache_2.2.9-win32-x86-no_ssl-r2.msi</a>
-[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.2.9-win32-x86-no_ssl-r2.msi.asc">PGP</a>]
-[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.2.9-win32-x86-no_ssl-r2.msi.md5">MD5</a>]
+<a href="[preferred]/httpd/binaries/win32/apache_2.2.10-win32-x86-no_ssl-r2.msi"
+  >apache_2.2.10-win32-x86-no_ssl-r2.msi</a>
+[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.2.10-win32-x86-no_ssl-r2.msi.asc">PGP</a>]
+[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.2.10-win32-x86-no_ssl-r2.msi.md5">MD5</a>]
 </li>
 
 <li>Win32 Binary including OpenSSL 0.9.8h (MSI Installer): 
-<a href="[preferred]/httpd/binaries/win32/apache_2.2.9-win32-x86-openssl-0.9.8h-r2.msi"
-  >apache_2.2.9-win32-x86-openssl-0.9.8h-r2.msi</a>
-[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.2.9-win32-x86-openssl-0.9.8h-r2.msi.asc">PGP</a>]
-[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.2.9-win32-x86-openssl-0.9.8h-r2.msi.md5">MD5</a>]
+<a href="[preferred]/httpd/binaries/win32/apache_2.2.10-win32-x86-openssl-0.9.8h-r2.msi"
+  >apache_2.2.10-win32-x86-openssl-0.9.8h-r2.msi</a>
+[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.2.10-win32-x86-openssl-0.9.8h-r2.msi.asc">PGP</a>]
+[<a href="http://www.apache.org/dist/httpd/binaries/win32/apache_2.2.10-win32-x86-openssl-0.9.8h-r2.msi.md5">MD5</a>]
 </li>
 
 <li><a href="[preferred]/httpd/">Other files</a></li>
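Review bot: The two Win32 MSI entries look like a plain version substitution: the new names keep the "-r2" package revision and the "openssl-0.9.8h" component from the 2.2.9 files. Please confirm that artifacts with exactly these names, plus their .asc and .md5 companions, exist under dist/httpd/binaries/win32/ before this goes live; otherwise the download and signature links break and users cannot verify what they fetch.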
@@ -272,7 +272,7 @@
 </code></p>
 
 <ul>
-<li>httpd-2.2.9.tar.* is signed by Jim Jagielski <code>08C975E5</code></li>
+<li>httpd-2.2.10.tar.* is signed by Jim Jagielski <code>08C975E5</code></li>
 <li>httpd-2.0.63.tar.* is signed by Jim Jagielski <code>08C975E5</code></li>
 <li>apache_1.3.41.tar.* is signed by Jim Jagielski <code>08C975E5</code></li>
 <li>apache_*.msi are signed by William Rowe <code>B55D9977(CB9B9EC5)</code></li>
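Review bot: The changed line still identifies the release signing key only by the 8-hex-digit short ID 08C975E5. Short key IDs are not unique, so a reader matching on this value alone could accept a different key with the same ID. Since this list is what users check the PGP signatures against, consider printing the full key fingerprint here, for this entry and the unchanged ones below it.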

Modified: httpd/site/trunk/xdocs/index.xml
URL: http://svn.apache.org/viewvc/httpd/site/trunk/xdocs/index.xml?rev=704583&r1=704582&r2=704583&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/index.xml (original)
+++ httpd/site/trunk/xdocs/index.xml Tue Oct 14 10:19:08 2008
@@ -21,12 +21,12 @@
 href="http://www.apache.org/">Apache Software Foundation</a>.</p>
 </section>
 
-<section id="2.2.9" date="2008-06-13">
-<title>Apache 2.2.9 Released</title>
+<section id="2.2.10" date="2008-10-14">
+<title>Apache 2.2.10 Released</title>
 
 <p>The Apache HTTP Server Project is proud to <a
 href="http://www.apache.org/dist/httpd/Announcement2.2.html">announce</a>
-the release of version 2.2.9 of the Apache HTTP Server ("Apache").  This
+the release of version 2.2.10 of the Apache HTTP Server ("Apache").  This
 version is principally a security and bugfix release.</p>
 
 <p>This version of Apache is a major release and the start of a new stable