From d49b8e01d885f85bdcec355190fbcf066d0afc50 Mon Sep 17 00:00:00 2001 From: Eric Covener Date: Wed, 3 Jul 2024 15:00:11 +0000 Subject: [PATCH] publishing release httpd-2.4.61 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1918882 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 13 +++++++++++++ STATUS | 3 ++- docs/manual/misc/security_tips.html.fr.utf8 | 2 ++ docs/manual/misc/security_tips.html.tr.utf8 | 1 + docs/manual/style/version.ent | 2 +- include/ap_release.h | 2 +- 6 files changed, 20 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index eea1e55ab85..cc72b91ad7f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,19 @@ -*- coding: utf-8 -*- +Changes with Apache 2.4.62 + Changes with Apache 2.4.61 + *) SECURITY: CVE-2024-39884: Apache HTTP Server: source code + disclosure with handlers configured via AddType (cve.mitre.org) + A regression in the core of Apache HTTP Server 2.4.60 ignores + some use of the legacy content-type based configuration of + handlers. "AddType" and similar configuration, under some + circumstances where files are requested indirectly, result in + source code disclosure of local content. For example, PHP + scripts may be served instead of interpreted. + Users are recommended to upgrade to version 2.4.61, which fixes + this issue. + Changes with Apache 2.4.60 *) SECURITY: CVE-2024-39573: Apache HTTP Server: mod_rewrite proxy diff --git a/STATUS b/STATUS index e5e17c36e66..25578dcb1bc 100644 --- a/STATUS +++ b/STATUS @@ -29,7 +29,8 @@ Release history: [NOTE that x.{odd}.z versions are strictly Alpha/Beta releases, while x.{even}.z versions are Stable/GA releases.] - 2.4.61 : In development + 2.4.62 : In development + 2.4.61 : Released on July 03, 2024 2.4.60 : Released on July 01, 2024 2.4.59 : Released on April 04, 2024 2.4.58 : Released on October 19, 2023 diff --git a/docs/manual/misc/security_tips.html.fr.utf8 b/docs/manual/misc/security_tips.html.fr.utf8 index 043d00a0648..741a0e742ba 100644 --- a/docs/manual/misc/security_tips.html.fr.utf8 +++ b/docs/manual/misc/security_tips.html.fr.utf8 @@ -28,6 +28,8 @@  ko  |  tr 

+
Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.

Ce document propose quelques conseils et astuces concernant les problèmes de sécurité liés diff --git a/docs/manual/misc/security_tips.html.tr.utf8 b/docs/manual/misc/security_tips.html.tr.utf8 index d2f75cf37c4..0fbc51fc7df 100644 --- a/docs/manual/misc/security_tips.html.tr.utf8 +++ b/docs/manual/misc/security_tips.html.tr.utf8 @@ -28,6 +28,7 @@  ko  |  tr 

+
Bu çeviri güncel olmayabilir. Son değişiklikler için İngilizce sürüm geçerlidir.

Bir HTTP Sunucusunu ayarlarken dikkat edilmesi gerekenler ve bazı ipuçları. Öneriler kısmen Apache’ye özel kısmen de genel olacaktır.

diff --git a/docs/manual/style/version.ent b/docs/manual/style/version.ent index 9e62accb20a..e3df8e231fe 100644 --- a/docs/manual/style/version.ent +++ b/docs/manual/style/version.ent @@ -19,6 +19,6 @@ - + diff --git a/include/ap_release.h b/include/ap_release.h index ed2ec71ab17..72129fa2fd4 100644 --- a/include/ap_release.h +++ b/include/ap_release.h @@ -43,7 +43,7 @@ #define AP_SERVER_MAJORVERSION_NUMBER 2 #define AP_SERVER_MINORVERSION_NUMBER 4 -#define AP_SERVER_PATCHLEVEL_NUMBER 61 +#define AP_SERVER_PATCHLEVEL_NUMBER 62 #define AP_SERVER_DEVBUILD_BOOLEAN 1 /* Synchronize the above with docs/manual/style/version.ent */ -- 2.47.2