You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by bu...@apache.org on 2017/10/05 16:26:20 UTC
svn commit: r1019133 - in /websites/staging/httpd/trunk/content: ./ doap.rdf download.html index.html security/vulnerabilities-httpd.xml security/vulnerabilities_24.html

Author: buildbot
Date: Thu Oct  5 16:26:19 2017
New Revision: 1019133

Log:
Staging update by buildbot for httpd

Modified:
    websites/staging/httpd/trunk/content/   (props changed)
    websites/staging/httpd/trunk/content/doap.rdf
    websites/staging/httpd/trunk/content/download.html
    websites/staging/httpd/trunk/content/index.html
    websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml
    websites/staging/httpd/trunk/content/security/vulnerabilities_24.html

Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Thu Oct  5 16:26:19 2017
@@ -1 +1 @@
-1809193
+1811218

Modified: websites/staging/httpd/trunk/content/doap.rdf
==============================================================================
Binary files - no diff available.

Modified: websites/staging/httpd/trunk/content/download.html
==============================================================================
--- websites/staging/httpd/trunk/content/download.html (original)
+++ websites/staging/httpd/trunk/content/download.html Thu Oct  5 16:26:19 2017
@@ -119,7 +119,7 @@ of releases, are available from the
 <a href="//httpd.apache.org/docs/current/platform/windows.html#down">a number of third party vendors</a>.</p>
 <p>Stable Release - Latest Version:</p>
 <ul>
-<li><a href="#apache24">2.4.27</a> (released 2017-07-11)</li>
+<li><a href="#apache24">2.4.28</a> (released 2017-10-05)</li>
 </ul>
 <p>Legacy Release - 2.2 Branch:</p>
 <ul>
@@ -140,31 +140,31 @@ value="[backup]">[backup] (backup)</opti
 type="submit" value="Change"></input></form>
 You may also consult the <a href="//www.apache.org/mirrors/">complete list of
 mirrors</a>.</p>
-<h1 id="apache24">Apache HTTP Server 2.4.27 (httpd): 2.4.27 is the latest available version <span>2017-07-11</span><a class="headerlink" href="#apache24" title="Permanent link">&para;</a></h1>
+<h1 id="apache24">Apache HTTP Server 2.4.28 (httpd): 2.4.28 is the latest available version <span>2017-07-11</span><a class="headerlink" href="#apache24" title="Permanent link">&para;</a></h1>
 <p>The Apache HTTP Server Project is pleased to
 <a href="//www.apache.org/dist/httpd/Announcement2.4.txt">announce</a> the
-release of version 2.4.27 of the Apache HTTP Server ("Apache" and "httpd").
+release of version 2.4.28 of the Apache HTTP Server ("Apache" and "httpd").
 This version of Apache is our latest GA release of the new generation 2.4.x
 branch of Apache HTTPD and represents fifteen years of innovation by the
 project, and is recommended over all previous releases!</p>
 <p>For details see the <a href="//www.apache.org/dist/httpd/Announcement2.4.html">Official
 Announcement</a> and
 the <a href="[preferred]/httpd/CHANGES_2.4">CHANGES_2.4</a> and
-<a href="[preferred]/httpd/CHANGES_2.4.27">CHANGES_2.4.27</a> lists</p>
+<a href="[preferred]/httpd/CHANGES_2.4.28">CHANGES_2.4.28</a> lists</p>
 <ul>
 <li>
-<p>Source: <a href="[preferred]/httpd/httpd-2.4.27.tar.bz2">httpd-2.4.27.tar.bz2</a>
-[ <a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.bz2.asc">PGP</a> ] [
-<a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.bz2.md5">MD5</a> ] [
-<a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.bz2.sha1">SHA1</a> ] [
-<a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.bz2.sha256">SHA256</a> ]</p>
+<p>Source: <a href="[preferred]/httpd/httpd-2.4.28.tar.bz2">httpd-2.4.28.tar.bz2</a>
+[ <a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.bz2.asc">PGP</a> ] [
+<a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.bz2.md5">MD5</a> ] [
+<a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.bz2.sha1">SHA1</a> ] [
+<a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.bz2.sha256">SHA256</a> ]</p>
 </li>
 <li>
-<p>Source: <a href="[preferred]/httpd/httpd-2.4.27.tar.gz">httpd-2.4.27.tar.gz</a> [
-<a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.gz.asc">PGP</a> ] [
-<a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.gz.md5">MD5</a> ] [
-<a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.gz.sha1">SHA1</a> ] [
-<a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.gz.sha256">SHA256</a> ]</p>
+<p>Source: <a href="[preferred]/httpd/httpd-2.4.28.tar.gz">httpd-2.4.28.tar.gz</a> [
+<a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.gz.asc">PGP</a> ] [
+<a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.gz.md5">MD5</a> ] [
+<a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.gz.sha1">SHA1</a> ] [
+<a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.gz.sha256">SHA256</a> ]</p>
 </li>
 <li>
 <p><a href="[preferred]/httpd/binaries/">Binaries</a> </p>
@@ -181,7 +181,8 @@ the <a href="[preferred]/httpd/CHANGES_2
 </ul>
 <h1 id="apache22">Apache HTTP Server 2.2.34 (httpd) <span>2017-07-11</span><a class="headerlink" href="#apache22" title="Permanent link">&para;</a></h1>
 <p>The Apache HTTP Server Project is pleased to announce the release of Apache
-HTTP Server (httpd) version 2.2.34.</p>
+HTTP Server (httpd) version 2.2.34. This version will be the last release
+of the 2.2 legacy branch.</p>
 <p>For details see the <a href="//www.apache.org/dist/httpd/Announcement2.2.html">Official
 Announcement</a> and
 the <a href="[preferred]/httpd/CHANGES_2.2">CHANGES_2.2</a> or condensed
@@ -326,13 +327,13 @@ verify our releases.</p>
 signature file for the relevant distribution. Make sure you get these files
 from the <a href="//www.apache.org/dist/httpd/">main distribution directory</a> ,
 rather than from a mirror. Then verify the signatures using</p>
-<p><code>% pgpk -a KEYS<br></br>% pgpv httpd-2.4.27.tar.gz.asc <br></br></code>
+<p><code>% pgpk -a KEYS<br></br>% pgpv httpd-2.4.28.tar.gz.asc <br></br></code>
 <em>or</em> <br></br><code>% pgp -ka KEYS<br></br>% pgp
-httpd-2.4.27.tar.gz.asc <br></br></code> <em>or</em> <br></br><code>% gpg --import
-KEYS<br></br>% gpg --verify httpd-2.4.27.tar.gz.asc httpd-2.4.27.tar.gz</code></p>
+httpd-2.4.28.tar.gz.asc <br></br></code> <em>or</em> <br></br><code>% gpg --import
+KEYS<br></br>% gpg --verify httpd-2.4.28.tar.gz.asc httpd-2.4.28.tar.gz</code></p>
 <ul>
 <li>
-<p>httpd-2.4.27.tar.* are signed by Jim Jagielski <code>791485A8</code> </p>
+<p>httpd-2.4.28.tar.* are signed by Jim Jagielski <code>791485A8</code> </p>
 </li>
 <li>
 <p>httpd-2.2.34.tar.* are signed by William A Rowe Jr <code>B55D9977(9088F565)</code> </p>

Modified: websites/staging/httpd/trunk/content/index.html
==============================================================================
--- websites/staging/httpd/trunk/content/index.html (original)
+++ websites/staging/httpd/trunk/content/index.html Thu Oct  5 16:26:19 2017
@@ -117,15 +117,15 @@ standards.</p>
 April 1996. It has celebrated its 20th birthday as a project in February 2015.</p>
 <p>The Apache HTTP Server is a project of <a href="http://www.apache.org/">The Apache Software
 Foundation</a>.</p>
-<h1 id="apache-httpd-2427-released-2017-07-11">Apache httpd 2.4.27 Released <span>2017-07-11</span><a class="headerlink" href="#apache-httpd-2427-released-2017-07-11" title="Permanent link">&para;</a></h1>
+<h1 id="apache-httpd-2428-released-2017-10-05">Apache httpd 2.4.28 Released <span>2017-10-05</span><a class="headerlink" href="#apache-httpd-2428-released-2017-10-05" title="Permanent link">&para;</a></h1>
 <p>The Apache Software Foundation and the Apache HTTP Server Project are
 pleased to
 <a href="http://www.apache.org/dist/httpd/Announcement2.4.html">announce</a> the
-release of version 2.4.27 of the Apache HTTP Server ("httpd").</p>
+release of version 2.4.28 of the Apache HTTP Server ("httpd").</p>
 <p>This latest release from the 2.4.x stable branch represents the best available
 version of Apache HTTP Server.</p>
-<p class="centered"><a href="download.cgi#apache24">Download</a> | <a href="http://www.apache.org/dist/httpd/CHANGES_2.4.27">ChangeLog for
-2.4.27</a> | <a href="http://www.apache.org/dist/httpd/CHANGES_2.4">Complete ChangeLog for
+<p class="centered"><a href="download.cgi#apache24">Download</a> | <a href="http://www.apache.org/dist/httpd/CHANGES_2.4.28">ChangeLog for
+2.4.28</a> | <a href="http://www.apache.org/dist/httpd/CHANGES_2.4">Complete ChangeLog for
 2.4</a> |  <a href="docs/trunk/new_features_2_4.html">New Features in httpd
 2.4</a></p>
 <h1 id="apache-httpd-2234-released-end-of-life-2017-07-11">Apache httpd 2.2.34 Released End-of-Life <span>2017-07-11</span><a class="headerlink" href="#apache-httpd-2234-released-end-of-life-2017-07-11" title="Permanent link">&para;</a></h1>

Modified: websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml Thu Oct  5 16:26:19 2017
@@ -1,6 +1,6 @@
 <security updated="20170921">
 
-<issue fixed="2.4.28-dev" reported="20170712" public="20170918" released="">
+<issue fixed="2.4.28" reported="20170712" public="20170918" released="20171005">
 <cve name="CVE-2017-9798"/>
 <severity level="4">low</severity>
 <title>Use-after-free when using &lt;Limit &gt; with an unrecognized method in .htaccess ("OptionsBleed")</title>

Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_24.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_24.html Thu Oct  5 16:26:19 2017
@@ -106,8 +106,8 @@ in a "-dev" release then this means that
 the development source tree and will be part of an upcoming full release.</p><p> This page is created from a database of vulnerabilities originally
 populated by Apache Week.  Please send comments or corrections for
 these vulnerabilities to the <a href="/security_report.html">Security
-Team</a>.  </p><p><em>The initial GA release, Apache httpd 2.4.1, includes fixes for all vulnerabilities which have been resolved in Apache httpd 2.2.22 and all older releases.  Consult the <a href="vulnerabilities_22.html">Apache httpd 2.2 vulnerabilities list</a> for more information.</em></p><br/><h1 id="2.4.28-dev">
-Fixed in Apache httpd 2.4.28-dev</h1><dl>
+Team</a>.  </p><p><em>The initial GA release, Apache httpd 2.4.1, includes fixes for all vulnerabilities which have been resolved in Apache httpd 2.2.22 and all older releases.  Consult the <a href="vulnerabilities_22.html">Apache httpd 2.2 vulnerabilities list</a> for more information.</em></p><br/><h1 id="2.4.28">
+Fixed in Apache httpd 2.4.28</h1><dl>
   <dt>
     <h3 id="CVE-2017-9798">low:
     <name name="CVE-2017-9798">Use-after-free when using &lt;Limit &gt; with an unrecognized method in .htaccess ("OptionsBleed")</name>
@@ -139,6 +139,10 @@ We would like to thank Hanno BÃ¶ck for
         <td class="cve-value">18thÂ SeptemberÂ 2017</td>
       </tr>
       <tr>
+        <td class="cve-header">Update Released</td>
+        <td class="cve-value">5thÂ OctoberÂ 2017</td>
+      </tr>
+      <tr>
         <td class="cve-header">Affects</td>
         <td class="cve-value">2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
       </tr>