You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Good guy <xf...@hotmail.com> on 2017/01/03 22:19:57 UTC
[users@httpd] Re: Next version of Apache 2.2?
On 03/01/2017 21:31, Development Manager wrote:
> CVE-2016-8743 was patched/mitigated in Apache 2.4 but is still an outstanding issue in 2.2, according to https://security-tracker.debian.org/tracker/CVE-2016-8743.
>
> Is there a plan to rebase it to 2.2? If so, do you know when?
> The reason I ask is PCI DSS requires that we have all vulnerabilities patched within 30 days, and it's been 2 weeks since 2.4 was patched.
>
2.2 is dead and finished. It is time to move to 2.4. Nobody is working
on 2.2 as far as I know.
--
If you want to filter all of my posts then please read this article:
<https://support.mozilla.org/en-US/kb/organize-your-messages-using-filters>
In step 7 select "Delete"
With over 400 million devices now running Windows 10, customer
satisfaction is higher than any previous version of windows.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: Next version of Apache 2.2?
Posted by Rainer Jung <ra...@kippdata.de>.
Am 03.01.2017 um 23:19 schrieb Good guy:
> On 03/01/2017 21:31, Development Manager wrote:
>> CVE-2016-8743 was patched/mitigated in Apache 2.4 but is still an
>> outstanding issue in 2.2, according to
>> https://security-tracker.debian.org/tracker/CVE-2016-8743.
>>
>> Is there a plan to rebase it to 2.2? If so, do you know when?
>> The reason I ask is PCI DSS requires that we have all vulnerabilities
>> patched within 30 days, and it's been 2 weeks since 2.4 was patched.
>>
> 2.2 is dead and finished. It is time to move to 2.4. Nobody is working
> on 2.2 as far as I know.
The backport vote for the fix is ongoing and likely there will be a
release soon after the fix will have been voted into 2.2. But it might
be it will be published after your 30 days deadline.
In general "yes": if you can, you should migrate to 2.4.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org