You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rp...@apache.org on 2008/12/13 15:47:27 UTC

svn commit: r726214 - in /httpd/site/trunk/dist: Announcement2.2.html Announcement2.2.txt

Author: rpluem
Date: Sat Dec 13 06:47:26 2008
New Revision: 726214

URL: http://svn.apache.org/viewvc?rev=726214&view=rev
Log:
* Announcements for 2.2.11.

Modified:
    httpd/site/trunk/dist/Announcement2.2.html
    httpd/site/trunk/dist/Announcement2.2.txt

Modified: httpd/site/trunk/dist/Announcement2.2.html
URL: http://svn.apache.org/viewvc/httpd/site/trunk/dist/Announcement2.2.html?rev=726214&r1=726213&r2=726214&view=diff
==============================================================================
--- httpd/site/trunk/dist/Announcement2.2.html (original)
+++ httpd/site/trunk/dist/Announcement2.2.html Sat Dec 13 06:47:26 2008
@@ -14,31 +14,21 @@
 >
 <img src="../../images/apache_sub.gif" alt="">
 
-<h1>Apache HTTP Server 2.2.10 Released</h1>
+<h1>Apache HTTP Server 2.2.11 Released</h1>
 
 <p>The Apache Software Foundation and the Apache HTTP Server Project are
-pleased to announce the release of version 2.2.10 of the Apache HTTP Server
+pleased to announce the release of version 2.2.11 of the Apache HTTP Server
 ("Apache").</p>
 
-<p>This version of Apache is principally a bug and security fix release.
-   The following potential security flaws are addressed:
+<p>This version of Apache is principally a bug fix release.
 </p>
 
-<ul>
-<li><a
- href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939">CVE-2008-2939:</a>
- mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
- the FTP URL. Discovered by Marc Bevand of Rapid7.
- </li>
-
-</ul>
-
 <p>
 We consider this release to be the best version of Apache available, and
 encourage users of all prior versions to upgrade.
 </p>
 
-<p>Apache HTTP Server 2.2.10 is available for download from:</p>
+<p>Apache HTTP Server 2.2.11 is available for download from:</p>
 <dl>
   <dd><a href="http://httpd.apache.org/download.cgi"
               >http://httpd.apache.org/download.cgi</a></dd>
@@ -57,10 +47,10 @@
 
 <p>
 Please see the CHANGES_2.2 file, linked from the download page, for a
-full list of changes.  A condensed list, CHANGES_2.2.10 provides the
-complete list of changes since 2.2.9.
+full list of changes.  A condensed list, CHANGES_2.2.11 provides the
+complete list of changes since 2.2.10.
 A summary of security vulnerabilities
-which were  addressed in the previous 2.2.9 and earlier releases is available:
+which were  addressed in the previous 2.2.10 and earlier releases is available:
 <dl>
   <dd><a href="http://httpd.apache.org/security/vulnerabilities_22.html"
               >http://httpd.apache.org/security/vulnerabilities_22.html</a>
@@ -77,7 +67,7 @@
 
 <p>
 This release includes the <a href="http://apr.apache.org/"
->Apache Portable Runtime</a> (APR) version 1.3.0
+>Apache Portable Runtime</a> (APR) version 1.3.3
 bundled with the tar and zip distributions.  The APR libraries libapr and
 libaprutil (and on Win32, libapriconv) must all be updated to ensure
 binary compatibility and address many known platform bugs.

Modified: httpd/site/trunk/dist/Announcement2.2.txt
URL: http://svn.apache.org/viewvc/httpd/site/trunk/dist/Announcement2.2.txt?rev=726214&r1=726213&r2=726214&view=diff
==============================================================================
--- httpd/site/trunk/dist/Announcement2.2.txt (original)
+++ httpd/site/trunk/dist/Announcement2.2.txt Sat Dec 13 06:47:26 2008
@@ -1,19 +1,14 @@
-                       Apache HTTP Server 2.2.10 Released
+                       Apache HTTP Server 2.2.11 Released
 
    The Apache Software Foundation and the Apache HTTP Server Project are
-   pleased to announce the release of version 2.2.10 of the Apache HTTP
-   Server ("Apache").  This version of Apache is principally a bug and
-   security fix release. The following potential security flaws are
-   addressed:
-
-     * CVE-2008-2939 (cve.mitre.org)
-       mod_proxy_ftp: Prevent XSS attacks when using wildcards in the
-       path of the FTP URL. Discovered by Marc Bevand of Rapid7.
+   pleased to announce the release of version 2.2.11 of the Apache HTTP
+   Server ("Apache").  This version of Apache is principally a bug fix
+   release.
 
    We consider this release to be the best version of Apache available, and
    encourage users of all prior versions to upgrade.
 
-   Apache HTTP Server 2.2.10 is available for download from:
+   Apache HTTP Server 2.2.11 is available for download from:
 
      http://httpd.apache.org/download.cgi
 
@@ -24,11 +19,11 @@
      http://httpd.apache.org/docs/2.2/new_features_2_2.html
 
    Please see the CHANGES_2.2 file, linked from the download page, for a
-   full list of changes.  A condensed list, CHANGES_2.2.10 provides the
-   complete list of changes since 2.2.9. A summary of security
-   vulnerabilities which were addressed in the previous 2.2.9 and earlier
+   full list of changes.  A condensed list, CHANGES_2.2.11 provides the
+   complete list of changes since 2.2.10. A summary of security
+   vulnerabilities which were addressed in the previous 2.2.10 and earlier
    releases is available:
-   
+
      http://httpd.apache.org/security/vulnerabilities_22.html
 
    Apache HTTP Server 1.3.41 and 2.0.63 legacy releases are also currently
@@ -38,7 +33,7 @@
    Apache 2.2, as only limited maintenance is performed on these legacy
    versions.
 
-   This release includes the Apache Portable Runtime (APR) version 1.3.0
+   This release includes the Apache Portable Runtime (APR) version 1.3.3
    bundled with the tar and zip distributions.  The APR libraries libapr
    and libaprutil (and on Win32, libapriconv) must all be updated to ensure
    binary compatibility and address many known platform bugs.