You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2014/03/13 17:48:19 UTC
svn commit: r4639 - in /dev/httpd: Announcement2.4.html Announcement2.4.txt
Author: jim
Date: Thu Mar 13 16:48:19 2014
New Revision: 4639
Log:
Announcement updates
Modified:
dev/httpd/Announcement2.4.html
dev/httpd/Announcement2.4.txt
Modified: dev/httpd/Announcement2.4.html
==============================================================================
--- dev/httpd/Announcement2.4.html (original)
+++ dev/httpd/Announcement2.4.html Thu Mar 13 16:48:19 2014
@@ -15,12 +15,12 @@
<img src="../../images/apache_sub.gif" alt="" />
<h1>
- Apache HTTP Server 2.4.8 Released
+ Apache HTTP Server 2.4.9 Released
</h1>
<p>
The Apache Software Foundation and the Apache HTTP Server Project are
pleased to <a href="http://www.apache.org/dist/httpd/Announcement2.4.html">announce</a>
- the release of version 2.4.8 of the Apache
+ the release of version 2.4.9 of the Apache
HTTP Server ("Apache"). This version of Apache is our latest GA
release of the new generation 2.4.x branch of Apache HTTPD and
represents fifteen years of
@@ -35,6 +35,11 @@
cookies. Clean up the cookie logging parser to recognize
only the cookie=value pairs, not valueless cookies.
</li>
+<li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438">CVE-2013-6438</a>
+ mod_dav: Keep track of length of cdata properly when removing
+ leading spaces. Eliminates a potential denial of service from
+ specifically crafted DAV WRITE requests
+</li>
</ul>
<p>
Also in this release are some exciting new features including:
@@ -47,10 +52,11 @@
</ul>
<p>
We consider this release to be the best version of Apache available, and
- encourage users of all prior versions to upgrade.
+ encourage users of all prior versions to upgrade. NOTE: 2.4.8 was not
+ released.
</p>
<p>
- Apache HTTP Server 2.4.8 is available for download from:
+ Apache HTTP Server 2.4.9 is available for download from:
</p>
<dl>
<dd><a href="http://httpd.apache.org/download.cgi"
@@ -58,7 +64,7 @@
</dl>
<p>
Please see the CHANGES_2.4 file, linked from the download page, for a
- full list of changes. A condensed list, CHANGES_2.4.8 includes only
+ full list of changes. A condensed list, CHANGES_2.4.9 includes only
those changes introduced since the prior 2.4 release. A summary of all
of the security vulnerabilities addressed in this and earlier releases
is available:
Modified: dev/httpd/Announcement2.4.txt
==============================================================================
--- dev/httpd/Announcement2.4.txt (original)
+++ dev/httpd/Announcement2.4.txt Thu Mar 13 16:48:19 2014
@@ -1,7 +1,7 @@
- Apache HTTP Server 2.4.8 Released
+ Apache HTTP Server 2.4.9 Released
The Apache Software Foundation and the Apache HTTP Server Project
- are pleased to announce the release of version 2.4.8 of the Apache
+ are pleased to announce the release of version 2.4.9 of the Apache
HTTP Server ("Apache"). This version of Apache is our latest GA
release of the new generation 2.4.x branch of Apache HTTPD and
represents fifteen years of innovation by the project, and is
@@ -14,6 +14,11 @@
cookies. Clean up the cookie logging parser to recognize
only the cookie=value pairs, not valueless cookies.
+ CVE-2013-6438 (cve.mitre.org)
+ mod_dav: Keep track of length of cdata properly when removing
+ leading spaces. Eliminates a potential denial of service from
+ specifically crafted DAV WRITE requests
+
Also in this release are some exciting new features including:
*) Finer control over scoping of RewriteRules
@@ -22,9 +27,10 @@
*) mod_lua and mod_ssl enhancements
We consider this release to be the best version of Apache available, and
- encourage users of all prior versions to upgrade.
+ encourage users of all prior versions to upgrade. NOTE: 2.4.9 was not
+ released.
- Apache HTTP Server 2.4.8 is available for download from:
+ Apache HTTP Server 2.4.9 is available for download from:
http://httpd.apache.org/download.cgi
@@ -35,7 +41,7 @@
http://httpd.apache.org/docs/trunk/new_features_2_4.html
Please see the CHANGES_2.4 file, linked from the download page, for a
- full list of changes. A condensed list, CHANGES_2.4.8 includes only
+ full list of changes. A condensed list, CHANGES_2.4.9 includes only
those changes introduced since the prior 2.4 release. A summary of all
of the security vulnerabilities addressed in this and earlier releases
is available: