You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by bu...@apache.org on 2017/10/05 16:26:20 UTC
svn commit: r1019133 - in /websites/staging/httpd/trunk/content: ./ doap.rdf
download.html index.html security/vulnerabilities-httpd.xml
security/vulnerabilities_24.html
Author: buildbot
Date: Thu Oct 5 16:26:19 2017
New Revision: 1019133
Log:
Staging update by buildbot for httpd
Modified:
websites/staging/httpd/trunk/content/ (props changed)
websites/staging/httpd/trunk/content/doap.rdf
websites/staging/httpd/trunk/content/download.html
websites/staging/httpd/trunk/content/index.html
websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml
websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
Propchange: websites/staging/httpd/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Thu Oct 5 16:26:19 2017
@@ -1 +1 @@
-1809193
+1811218
Modified: websites/staging/httpd/trunk/content/doap.rdf
==============================================================================
Binary files - no diff available.
Modified: websites/staging/httpd/trunk/content/download.html
==============================================================================
--- websites/staging/httpd/trunk/content/download.html (original)
+++ websites/staging/httpd/trunk/content/download.html Thu Oct 5 16:26:19 2017
@@ -119,7 +119,7 @@ of releases, are available from the
<a href="//httpd.apache.org/docs/current/platform/windows.html#down">a number of third party vendors</a>.</p>
<p>Stable Release - Latest Version:</p>
<ul>
-<li><a href="#apache24">2.4.27</a> (released 2017-07-11)</li>
+<li><a href="#apache24">2.4.28</a> (released 2017-10-05)</li>
</ul>
<p>Legacy Release - 2.2 Branch:</p>
<ul>
@@ -140,31 +140,31 @@ value="[backup]">[backup] (backup)</opti
type="submit" value="Change"></input></form>
You may also consult the <a href="//www.apache.org/mirrors/">complete list of
mirrors</a>.</p>
-<h1 id="apache24">Apache HTTP Server 2.4.27 (httpd): 2.4.27 is the latest available version <span>2017-07-11</span><a class="headerlink" href="#apache24" title="Permanent link">¶</a></h1>
+<h1 id="apache24">Apache HTTP Server 2.4.28 (httpd): 2.4.28 is the latest available version <span>2017-07-11</span><a class="headerlink" href="#apache24" title="Permanent link">¶</a></h1>
<p>The Apache HTTP Server Project is pleased to
<a href="//www.apache.org/dist/httpd/Announcement2.4.txt">announce</a> the
-release of version 2.4.27 of the Apache HTTP Server ("Apache" and "httpd").
+release of version 2.4.28 of the Apache HTTP Server ("Apache" and "httpd").
This version of Apache is our latest GA release of the new generation 2.4.x
branch of Apache HTTPD and represents fifteen years of innovation by the
project, and is recommended over all previous releases!</p>
<p>For details see the <a href="//www.apache.org/dist/httpd/Announcement2.4.html">Official
Announcement</a> and
the <a href="[preferred]/httpd/CHANGES_2.4">CHANGES_2.4</a> and
-<a href="[preferred]/httpd/CHANGES_2.4.27">CHANGES_2.4.27</a> lists</p>
+<a href="[preferred]/httpd/CHANGES_2.4.28">CHANGES_2.4.28</a> lists</p>
<ul>
<li>
-<p>Source: <a href="[preferred]/httpd/httpd-2.4.27.tar.bz2">httpd-2.4.27.tar.bz2</a>
-[ <a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.bz2.asc">PGP</a> ] [
-<a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.bz2.md5">MD5</a> ] [
-<a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.bz2.sha1">SHA1</a> ] [
-<a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.bz2.sha256">SHA256</a> ]</p>
+<p>Source: <a href="[preferred]/httpd/httpd-2.4.28.tar.bz2">httpd-2.4.28.tar.bz2</a>
+[ <a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.bz2.asc">PGP</a> ] [
+<a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.bz2.md5">MD5</a> ] [
+<a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.bz2.sha1">SHA1</a> ] [
+<a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.bz2.sha256">SHA256</a> ]</p>
</li>
<li>
-<p>Source: <a href="[preferred]/httpd/httpd-2.4.27.tar.gz">httpd-2.4.27.tar.gz</a> [
-<a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.gz.asc">PGP</a> ] [
-<a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.gz.md5">MD5</a> ] [
-<a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.gz.sha1">SHA1</a> ] [
-<a href="https://www.apache.org/dist/httpd/httpd-2.4.27.tar.gz.sha256">SHA256</a> ]</p>
+<p>Source: <a href="[preferred]/httpd/httpd-2.4.28.tar.gz">httpd-2.4.28.tar.gz</a> [
+<a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.gz.asc">PGP</a> ] [
+<a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.gz.md5">MD5</a> ] [
+<a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.gz.sha1">SHA1</a> ] [
+<a href="https://www.apache.org/dist/httpd/httpd-2.4.28.tar.gz.sha256">SHA256</a> ]</p>
</li>
<li>
<p><a href="[preferred]/httpd/binaries/">Binaries</a> </p>
@@ -181,7 +181,8 @@ the <a href="[preferred]/httpd/CHANGES_2
</ul>
<h1 id="apache22">Apache HTTP Server 2.2.34 (httpd) <span>2017-07-11</span><a class="headerlink" href="#apache22" title="Permanent link">¶</a></h1>
<p>The Apache HTTP Server Project is pleased to announce the release of Apache
-HTTP Server (httpd) version 2.2.34.</p>
+HTTP Server (httpd) version 2.2.34. This version will be the last release
+of the 2.2 legacy branch.</p>
<p>For details see the <a href="//www.apache.org/dist/httpd/Announcement2.2.html">Official
Announcement</a> and
the <a href="[preferred]/httpd/CHANGES_2.2">CHANGES_2.2</a> or condensed
@@ -326,13 +327,13 @@ verify our releases.</p>
signature file for the relevant distribution. Make sure you get these files
from the <a href="//www.apache.org/dist/httpd/">main distribution directory</a> ,
rather than from a mirror. Then verify the signatures using</p>
-<p><code>% pgpk -a KEYS<br></br>% pgpv httpd-2.4.27.tar.gz.asc <br></br></code>
+<p><code>% pgpk -a KEYS<br></br>% pgpv httpd-2.4.28.tar.gz.asc <br></br></code>
<em>or</em> <br></br><code>% pgp -ka KEYS<br></br>% pgp
-httpd-2.4.27.tar.gz.asc <br></br></code> <em>or</em> <br></br><code>% gpg --import
-KEYS<br></br>% gpg --verify httpd-2.4.27.tar.gz.asc httpd-2.4.27.tar.gz</code></p>
+httpd-2.4.28.tar.gz.asc <br></br></code> <em>or</em> <br></br><code>% gpg --import
+KEYS<br></br>% gpg --verify httpd-2.4.28.tar.gz.asc httpd-2.4.28.tar.gz</code></p>
<ul>
<li>
-<p>httpd-2.4.27.tar.* are signed by Jim Jagielski <code>791485A8</code> </p>
+<p>httpd-2.4.28.tar.* are signed by Jim Jagielski <code>791485A8</code> </p>
</li>
<li>
<p>httpd-2.2.34.tar.* are signed by William A Rowe Jr <code>B55D9977(9088F565)</code> </p>
Modified: websites/staging/httpd/trunk/content/index.html
==============================================================================
--- websites/staging/httpd/trunk/content/index.html (original)
+++ websites/staging/httpd/trunk/content/index.html Thu Oct 5 16:26:19 2017
@@ -117,15 +117,15 @@ standards.</p>
April 1996. It has celebrated its 20th birthday as a project in February 2015.</p>
<p>The Apache HTTP Server is a project of <a href="http://www.apache.org/">The Apache Software
Foundation</a>.</p>
-<h1 id="apache-httpd-2427-released-2017-07-11">Apache httpd 2.4.27 Released <span>2017-07-11</span><a class="headerlink" href="#apache-httpd-2427-released-2017-07-11" title="Permanent link">¶</a></h1>
+<h1 id="apache-httpd-2428-released-2017-10-05">Apache httpd 2.4.28 Released <span>2017-10-05</span><a class="headerlink" href="#apache-httpd-2428-released-2017-10-05" title="Permanent link">¶</a></h1>
<p>The Apache Software Foundation and the Apache HTTP Server Project are
pleased to
<a href="http://www.apache.org/dist/httpd/Announcement2.4.html">announce</a> the
-release of version 2.4.27 of the Apache HTTP Server ("httpd").</p>
+release of version 2.4.28 of the Apache HTTP Server ("httpd").</p>
<p>This latest release from the 2.4.x stable branch represents the best available
version of Apache HTTP Server.</p>
-<p class="centered"><a href="download.cgi#apache24">Download</a> | <a href="http://www.apache.org/dist/httpd/CHANGES_2.4.27">ChangeLog for
-2.4.27</a> | <a href="http://www.apache.org/dist/httpd/CHANGES_2.4">Complete ChangeLog for
+<p class="centered"><a href="download.cgi#apache24">Download</a> | <a href="http://www.apache.org/dist/httpd/CHANGES_2.4.28">ChangeLog for
+2.4.28</a> | <a href="http://www.apache.org/dist/httpd/CHANGES_2.4">Complete ChangeLog for
2.4</a> | <a href="docs/trunk/new_features_2_4.html">New Features in httpd
2.4</a></p>
<h1 id="apache-httpd-2234-released-end-of-life-2017-07-11">Apache httpd 2.2.34 Released End-of-Life <span>2017-07-11</span><a class="headerlink" href="#apache-httpd-2234-released-end-of-life-2017-07-11" title="Permanent link">¶</a></h1>
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities-httpd.xml Thu Oct 5 16:26:19 2017
@@ -1,6 +1,6 @@
<security updated="20170921">
-<issue fixed="2.4.28-dev" reported="20170712" public="20170918" released="">
+<issue fixed="2.4.28" reported="20170712" public="20170918" released="20171005">
<cve name="CVE-2017-9798"/>
<severity level="4">low</severity>
<title>Use-after-free when using <Limit > with an unrecognized method in .htaccess ("OptionsBleed")</title>
Modified: websites/staging/httpd/trunk/content/security/vulnerabilities_24.html
==============================================================================
--- websites/staging/httpd/trunk/content/security/vulnerabilities_24.html (original)
+++ websites/staging/httpd/trunk/content/security/vulnerabilities_24.html Thu Oct 5 16:26:19 2017
@@ -106,8 +106,8 @@ in a "-dev" release then this means that
the development source tree and will be part of an upcoming full release.</p><p> This page is created from a database of vulnerabilities originally
populated by Apache Week. Please send comments or corrections for
these vulnerabilities to the <a href="/security_report.html">Security
-Team</a>. </p><p><em>The initial GA release, Apache httpd 2.4.1, includes fixes for all vulnerabilities which have been resolved in Apache httpd 2.2.22 and all older releases. Consult the <a href="vulnerabilities_22.html">Apache httpd 2.2 vulnerabilities list</a> for more information.</em></p><br/><h1 id="2.4.28-dev">
-Fixed in Apache httpd 2.4.28-dev</h1><dl>
+Team</a>. </p><p><em>The initial GA release, Apache httpd 2.4.1, includes fixes for all vulnerabilities which have been resolved in Apache httpd 2.2.22 and all older releases. Consult the <a href="vulnerabilities_22.html">Apache httpd 2.2 vulnerabilities list</a> for more information.</em></p><br/><h1 id="2.4.28">
+Fixed in Apache httpd 2.4.28</h1><dl>
<dt>
<h3 id="CVE-2017-9798">low:
<name name="CVE-2017-9798">Use-after-free when using <Limit > with an unrecognized method in .htaccess ("OptionsBleed")</name>
@@ -139,6 +139,10 @@ We would like to thank Hanno Böck for
<td class="cve-value">18th September 2017</td>
</tr>
<tr>
+ <td class="cve-header">Update Released</td>
+ <td class="cve-value">5th October 2017</td>
+ </tr>
+ <tr>
<td class="cve-header">Affects</td>
<td class="cve-value">2.4.27, 2.4.26, 2.4.25, 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, 2.4.1</td>
</tr>