-*- coding: utf-8 -*-
+Changes with Apache 2.4.57
+
Changes with Apache 2.4.56
+ *) SECURITY: CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi
+ HTTP response splitting (cve.mitre.org)
+ HTTP Response Smuggling vulnerability in Apache HTTP Server via
+ mod_proxy_uwsgi. This issue affects Apache HTTP Server: from
+ 2.4.30 through 2.4.55.
+ Special characters in the origin response header can
+ truncate/split the response forwarded to the client.
+ Credits: Dimas Fariski Setyawan Putra (nyxsorcerer)
+
+ *) SECURITY: CVE-2023-25690: HTTP request splitting with
+ mod_rewrite and mod_proxy (cve.mitre.org)
+ Some mod_proxy configurations on Apache HTTP Server versions
+ 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.
+ Configurations are affected when mod_proxy is enabled along with
+ some form of RewriteRule
+ or ProxyPassMatch in which a non-specific pattern matches
+ some portion of the user-supplied request-target (URL) data and
+ is then
+ re-inserted into the proxied request-target using variable
+ substitution. For example, something like:
+ RewriteEngine on
+ RewriteRule "^/here/(.*)" "
+ http://example.com:8080/elsewhere?$1"
+ http://example.com:8080/elsewhere ; [P]
+ ProxyPassReverse /here/ http://example.com:8080/
+ http://example.com:8080/
+ Request splitting/smuggling could result in bypass of access
+ controls in the proxy server, proxying unintended URLs to
+ existing origin servers, and cache poisoning.
+ Credits: Lars Krapf of Adobe
+
*) rotatelogs: Add -T flag to allow subsequent rotated logfiles to be
truncated without the initial logfile being truncated. [Eric Covener]
[NOTE that x.{odd}.z versions are strictly Alpha/Beta releases,
while x.{even}.z versions are Stable/GA releases.]
- 2.4.56 : In development
+ 2.4.57 : In development
+ 2.4.56 : Released on March 07, 2023
2.4.55 : Released on January 17, 2023
2.4.54 : Released on June 08, 2022
2.4.53 : Released on March 14, 2022
<p><span>Langues Disponibles: </span><a href="../en/mod/mod_md.html" hreflang="en" rel="alternate" title="English"> en </a> |
<a href="../fr/mod/mod_md.html" title="Français"> fr </a></p>
</div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Gestion des domaines au sein des serveurs virtuels et obtention
de certificats via le protocole ACME
</td></tr>
<a href="../ko/programs/rotatelogs.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> |
<a href="../tr/programs/rotatelogs.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p>
</div>
+<div class="outofdate">Cette traduction peut être périmée. Vérifiez la version
+ anglaise pour les changements récents.</div>
<p><code>rotatelogs</code> est un programme simple à utiliser en
conjonction avec la fonctionnalité d'Apache de redirection dans un
#define AP_SERVER_MAJORVERSION_NUMBER 2
#define AP_SERVER_MINORVERSION_NUMBER 4
-#define AP_SERVER_PATCHLEVEL_NUMBER 56
+#define AP_SERVER_PATCHLEVEL_NUMBER 57
#define AP_SERVER_DEVBUILD_BOOLEAN 1
/* Synchronize the above with docs/manual/style/version.ent */
projects / thirdparty / apache / httpd.git / commitdiff
