You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@apr.apache.org by "William A. Rowe Jr." <wr...@rowe-clan.net> on 2011/05/19 19:17:52 UTC
[Announce] Regressions in httpd 2.2.18, apr 1.4.4, and apr-util 1.3.11
New releases are in progress for each of these projects and are
expected to be available in the coming days. The upcoming httpd
2.2.19 will bundle new releases of apr and apr-util which correct
the regressions described below. An announcement of these releases
will be broadcast.
Note: httpd 2.2.18 bundles apr 1.4.4 and apr-util 1.3.11.
Summary of regressions:
httpd 2.2.18: The ap_unescape_url_keep2f() function signature was changed.
This breaks binary compatibility of a number of third-party modules. In
addition, a regression in apr 1.4.4 (see below) could cause httpd to hang.
apr 1.4.4: A fix in apr 1.4.4 apr_fnmatch() to address CVE-2011-0419
introduced a new vulnerability. A patch is attached and should be used
if httpd workers enter a hung state (100% cpu utilization) after updating
to httpd 2.2.18 or apr-util 1.4.4, or if hangs are seen in other apr
applications which use apr_fnmatch().
apr-util 1.3.11: A fix to LDAP support in apr-util 1.3.11 could cause
crashes with httpd's mod_authnz_ldap in some situations.
Re: [users@httpd] Re: [Announce] Regressions in httpd 2.2.18, apr
1.4.4, and apr-util 1.3.11
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On 5/20/2011 9:21 AM, Jeff Trawick wrote:
> On Thu, May 19, 2011 at 9:40 PM, DW <xf...@hotmail.com> wrote:
>> William A. Rowe Jr. wrote:
>>> New releases are in progress for each of these projects and are
>>> expected to be available in the coming days. The upcoming httpd
>>> 2.2.19 will bundle new releases of apr and apr-util which correct
>>> the regressions described below. An announcement of these releases
>>> will be broadcast.
>>>
>>
>>
>> Is there time frame anywhere for 2.2.19 release date?
>
> "soon"
And the release vote is already underway, should be complete by midday
tomorrow, and we always give the mirrors a chance to catch up before
publishing the announcement.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: [Announce] Regressions in httpd 2.2.18, apr
1.4.4, and apr-util 1.3.11
Posted by Jeff Trawick <tr...@gmail.com>.
On Thu, May 19, 2011 at 9:40 PM, DW <xf...@hotmail.com> wrote:
> William A. Rowe Jr. wrote:
>> New releases are in progress for each of these projects and are
>> expected to be available in the coming days. The upcoming httpd
>> 2.2.19 will bundle new releases of apr and apr-util which correct
>> the regressions described below. An announcement of these releases
>> will be broadcast.
>>
>
>
> Is there time frame anywhere for 2.2.19 release date?
"soon"
I anticipate that there will be discussion on that by this evening on
dev@httpd.apache.org.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
[users@httpd] Re: [Announce] Regressions in httpd 2.2.18, apr 1.4.4, and apr-util
1.3.11
Posted by DW <xf...@hotmail.com>.
William A. Rowe Jr. wrote:
> New releases are in progress for each of these projects and are
> expected to be available in the coming days. The upcoming httpd
> 2.2.19 will bundle new releases of apr and apr-util which correct
> the regressions described below. An announcement of these releases
> will be broadcast.
>
Is there time frame anywhere for 2.2.19 release date?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [Announce] Regressions in httpd 2.2.18, apr 1.4.4, and apr-util
1.3.11
Posted by DW <xf...@hotmail.com>.
William A. Rowe Jr. wrote:
> New releases are in progress for each of these projects and are
> expected to be available in the coming days. The upcoming httpd
> 2.2.19 will bundle new releases of apr and apr-util which correct
> the regressions described below. An announcement of these releases
> will be broadcast.
>
Is there time frame anywhere for 2.2.19 release date?