From: Eric Covener Date: Wed, 17 Jul 2024 18:20:34 +0000 (+0000) Subject: publishing release httpd-2.4.62 X-Git-Tag: 2.4.63-candidate~172 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=363d239bede4bd4af25ce9a70cc4b9c1499f224c;p=thirdparty%2Fapache%2Fhttpd.git publishing release httpd-2.4.62 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1919317 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index cd86fe75405..083208ee42f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,28 @@ -*- coding: utf-8 -*- +Changes with Apache 2.4.63 + Changes with Apache 2.4.62 + *) SECURITY: CVE-2024-40898: Apache HTTP Server: SSRF with + mod_rewrite in server/vhost context on Windows (cve.mitre.org) + SSRF in Apache HTTP Server on Windows with mod_rewrite in + server/vhost context, allows to potentially leak NTML hashes to + a malicious server via SSRF and malicious requests. + Users are recommended to upgrade to version 2.4.62 which fixes + this issue. + Credits: Smi1e (DBAPPSecurity Ltd.) + + *) SECURITY: CVE-2024-40725: Apache HTTP Server: source code + disclosure with handlers configured via AddType (cve.mitre.org) + A partial fix for CVE-2024-39884 in the core of Apache HTTP + Server 2.4.61 ignores some use of the legacy content-type based + configuration of handlers. "AddType" and similar configuration, + under some circumstances where files are requested indirectly, + result in source code disclosure of local content. For example, + PHP scripts may be served instead of interpreted. + Users are recommended to upgrade to version 2.4.62, which fixes + this issue. + *) mod_proxy: Fix canonicalisation and FCGI env (PATH_INFO, SCRIPT_NAME) for "balancer:" URLs set via SetHandler, also allowing for "unix:" sockets with BalancerMember(s). PR 69168. [Yann Ylavic] diff --git a/STATUS b/STATUS index b3689bedc33..96161c7fef7 100644 --- a/STATUS +++ b/STATUS 
@@ -29,7 +29,8 @@ Release history: [NOTE that x.{odd}.z versions are strictly Alpha/Beta releases, while x.{even}.z versions are Stable/GA releases.] - 2.4.62 : In development + 2.4.63 : In development + 2.4.62 : Released on July 17, 2024 2.4.61 : Released on July 03, 2024 2.4.60 : Released on July 01, 2024 2.4.59 : Released on April 04, 2024 diff --git a/docs/manual/mod/core.html.de b/docs/manual/mod/core.html.de index a025992d21f..06368d2729a 100644 --- a/docs/manual/mod/core.html.de +++ b/docs/manual/mod/core.html.de @@ -3624,7 +3624,7 @@ bevor er die Anfrage abbricht - + diff --git a/docs/manual/mod/core.html.es b/docs/manual/mod/core.html.es index a563573c4e7..5efc11de56e 100644 --- a/docs/manual/mod/core.html.es +++ b/docs/manual/mod/core.html.es @@ -4323,7 +4323,7 @@ certain events before failing a request
Beschreibung:Controls what UNC host names can be accessed by the server
Syntax:UNCListhostname ...
Syntax:UNCList hostname [hostname...]
Voreinstellung:unset
Kontext:Serverkonfiguration
Status:Core
- + diff --git a/docs/manual/mod/core.html.ja.utf8 b/docs/manual/mod/core.html.ja.utf8 index e807744543f..96d4454b725 100644 --- a/docs/manual/mod/core.html.ja.utf8 +++ b/docs/manual/mod/core.html.ja.utf8 @@ -3552,7 +3552,7 @@ of a request or the last 63, assuming the request itself is greater than
Descripción:Controls what UNC host names can be accessed by the server
Sintaxis:UNCListhostname ...
Sintaxis:UNCList hostname [hostname...]
Valor por defecto:unset
Contexto:server config
Estado:Core
- + diff --git a/docs/manual/mod/core.html.tr.utf8 b/docs/manual/mod/core.html.tr.utf8 index c3743b8ec2d..cbe05acb91f 100644 --- a/docs/manual/mod/core.html.tr.utf8 +++ b/docs/manual/mod/core.html.tr.utf8 @@ -4971,7 +4971,7 @@ gerçekleşmesi için sunucunun geçmesini bekleyeceği süre.
説明:Controls what UNC host names can be accessed by the server
構文:UNCListhostname ...
構文:UNCList hostname [hostname...]
デフォルト:unset
コンテキスト:サーバ設定ファイル
ステータス:Core
- + diff --git a/docs/manual/mod/mod_rewrite.html.fr.utf8 b/docs/manual/mod/mod_rewrite.html.fr.utf8 index d69f368ddbf..41867ce9117 100644 --- a/docs/manual/mod/mod_rewrite.html.fr.utf8 +++ b/docs/manual/mod/mod_rewrite.html.fr.utf8 @@ -29,6 +29,8 @@

Langues Disponibles:  en  |  fr 

+
Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.
Açıklama:Controls what UNC host names can be accessed by the server
Sözdizimi:UNCListhostname ...
Sözdizimi:UNCList hostname [hostname...]
Öntanımlı:unset
Bağlam:sunucu geneli
Durum:Çekirdek
diff --git a/docs/manual/mod/quickreference.html.de b/docs/manual/mod/quickreference.html.de index eb417c027e4..fbd90a93840 100644 --- a/docs/manual/mod/quickreference.html.de +++ b/docs/manual/mod/quickreference.html.de @@ -1197,7 +1197,7 @@ bevor er die Anfrage abbricht - diff --git a/docs/manual/mod/quickreference.html.es b/docs/manual/mod/quickreference.html.es index 84d952f7401..4773df593ca 100644 --- a/docs/manual/mod/quickreference.html.es +++ b/docs/manual/mod/quickreference.html.es @@ -1186,7 +1186,7 @@ certain events before failing a request - diff --git a/docs/manual/mod/quickreference.html.ja.utf8 b/docs/manual/mod/quickreference.html.ja.utf8 index fa803881467..74e84a69d20 100644 --- a/docs/manual/mod/quickreference.html.ja.utf8 +++ b/docs/manual/mod/quickreference.html.ja.utf8 @@ -1114,7 +1114,7 @@ Certificate verification - diff --git a/docs/manual/mod/quickreference.html.ko.euc-kr b/docs/manual/mod/quickreference.html.ko.euc-kr index 60a7ae287bb..e4096378cae 100644 --- a/docs/manual/mod/quickreference.html.ko.euc-kr +++ b/docs/manual/mod/quickreference.html.ko.euc-kr @@ -1142,7 +1142,7 @@ certain events before failing a request - diff --git a/docs/manual/mod/quickreference.html.tr.utf8 b/docs/manual/mod/quickreference.html.tr.utf8 index 2c5261eb041..9dc9099f740 100644 --- a/docs/manual/mod/quickreference.html.tr.utf8 +++ b/docs/manual/mod/quickreference.html.tr.utf8 @@ -1181,7 +1181,7 @@ gerçekleşmesi için sunucunun geçmesini bekleyeceği süre. - diff --git a/docs/manual/mod/quickreference.html.zh-cn.utf8 b/docs/manual/mod/quickreference.html.zh-cn.utf8 index a358a1a156a..22748a65b49 100644 --- a/docs/manual/mod/quickreference.html.zh-cn.utf8 +++ b/docs/manual/mod/quickreference.html.zh-cn.utf8 @@ -1178,7 +1178,7 @@ certain events before failing a request - diff --git a/docs/manual/rewrite/flags.html.fr.utf8 b/docs/manual/rewrite/flags.html.fr.utf8 index 3d0c3ae17cb..35d76ccac5d 100644 --- a/docs/manual/rewrite/flags.html.fr.utf8 
+++ b/docs/manual/rewrite/flags.html.fr.utf8 @@ -26,6 +26,8 @@

Langues Disponibles:  en  |  fr 

+
Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.

Ce document décrit les drapeaux disponibles dans la directive RewriteRule, en fournissant diff --git a/docs/manual/style/version.ent b/docs/manual/style/version.ent index e3df8e231fe..6f52c11c180 100644 --- a/docs/manual/style/version.ent +++ b/docs/manual/style/version.ent @@ -19,6 +19,6 @@ - + diff --git a/include/ap_release.h b/include/ap_release.h index 72129fa2fd4..d2a93751c7a 100644 --- a/include/ap_release.h +++ b/include/ap_release.h @@ -43,7 +43,7 @@ #define AP_SERVER_MAJORVERSION_NUMBER 2 #define AP_SERVER_MINORVERSION_NUMBER 4 -#define AP_SERVER_PATCHLEVEL_NUMBER 62 +#define AP_SERVER_PATCHLEVEL_NUMBER 63 #define AP_SERVER_DEVBUILD_BOOLEAN 1 /* Synchronize the above with docs/manual/style/version.ent */

Description:Ce module fournit un moteur de réécriture à base de règles permettant de réécrire les URLs des requêtes à la volée
TraceEnable [on|off|extended] on sC
Legt das Verhalten von TRACE-Anfragen fest
TransferLog file|pipesvB
Specify location of a log file
TypesConfig file-path conf/mime.types sB
The location of the mime.types file
UNCListhostname ...sC
Controls what UNC host names can be accessed by the server +
UNCList hostname [hostname...]sC
Controls what UNC host names can be accessed by the server
UnDefine parameter-namesC
Undefine the existence of a variable
UndefMacro namesvdB
Undefine a macro
TraceEnable [on|off|extended] on sC
Determines the behaviour on TRACE requests
TransferLog file|pipesvB
Specify location of a log file
TypesConfig file-path conf/mime.types sB
The location of the mime.types file
UNCListhostname ...sC
Controls what UNC host names can be accessed by the server +
UNCList hostname [hostname...]sC
Controls what UNC host names can be accessed by the server
UnDefine parameter-namesC
Undefine the existence of a variable
UndefMacro namesvdB
Undefine a macro
TransferLog file|pipesvB
ログファイルの位置を指定
TypesConfig file-path conf/mime.types s
mime.types ファイルの位置
UNCListhostname ...sC
Controls what UNC host names can be accessed by the server +
UNCList hostname [hostname...]sC
Controls what UNC host names can be accessed by the server
UnDefine parameter-namesC
Undefine the existence of a variable
UndefMacro namesvdB
Undefine a macro
TraceEnable [on|off|extended] on svC
Determines the behavior on TRACE requests
TransferLog file|pipesvB
·Î±×ÆÄÀÏ À§Ä¡¸¦ ¼³Á¤ÇÑ´Ù
TypesConfig file-path conf/mime.types sB
The location of the mime.types file
UNCListhostname ...sC
Controls what UNC host names can be accessed by the server +
UNCList hostname [hostname...]sC
Controls what UNC host names can be accessed by the server
UnDefine parameter-namesC
Undefine the existence of a variable
UndefMacro namesvdB
Undefine a macro
TransferLog dosya|borulu-süreç [takma-ad]skT
Bir günlük dosyasının yerini belirtir.
TypesConfig file-path conf/mime.types sT
The location of the mime.types file
UNCListhostname ...sÇ
Controls what UNC host names can be accessed by the server +
UNCList hostname [hostname...]sÇ
Controls what UNC host names can be accessed by the server
UnDefine değişken-ismisÇ
Bir değişkeni tanımsız yapar
UndefMacro nameskdT
Undefine a macro
TraceEnable [on|off|extended] on svC
Determines the behavior on TRACE requests
TransferLog file|pipesvB
Specify location of a log file
TypesConfig file-path conf/mime.types sB
The location of the mime.types file
UNCListhostname ...sC
Controls what UNC host names can be accessed by the server +
UNCList hostname [hostname...]sC
Controls what UNC host names can be accessed by the server
UnDefine parameter-namesC
Undefine the existence of a variable
UndefMacro namesvdB
Undefine a macro
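Review bot: In the CVE-2024-40898 entry added to CHANGES, "NTML hashes" is a misspelling of "NTLM hashes". Since this text is what users search for when triaging the advisory, it should be corrected before it is copied into the announcement. The same sentence ("allows to potentially leak ...") reads better as "allows an attacker to potentially leak NTLM hashes to a malicious server". The CVE-2024-40725 entry also carries no Credits line, unlike the entry above it; add one or confirm the omission is intended.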
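Review bot: The subject line names only the 2.4.62 release, but the include/ap_release.h hunk raises AP_SERVER_PATCHLEVEL_NUMBER from 62 to 63 and the STATUS hunk opens "2.4.63 : In development". The commit message should say that it also starts the next development cycle, so that someone bisecting by version number is not misled. The context line in ap_release.h asks to keep the value in sync with docs/manual/style/version.ent. That file is touched in this diff, but its changed lines are not legible here, so check that it now carries the matching patch level.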
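Review bot: The docs/manual hunks change the UNCList syntax line from "UNCListhostname ..." to "UNCList hostname [hostname...]" in the core.html and quickreference.html translations, and add the "Cette traduction peut être périmée" banner to the French mod_rewrite and flags pages. None of this is mentioned in the commit message. Either note that the manual was rebuilt for the release or split the regenerated output into its own commit, so the release bookkeeping in CHANGES, STATUS and ap_release.h can be reviewed separately from generated files.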