| Обновился самый популярный веб-сервер (HTTPD) в Интернете с апреля 1996 года Apache. Распространяется с открытым исходным кодом, поддерживает большинство известных операционных систем, таких как Unix/Linux, Windows и т.д. Цель разработчиков - создание безопасного, эффективного, гибкого и расширяемого сервера, отвечающего современным стандартам.
[img]/templates/megal/dleimages/spoiler-plus.gif[/img]
[url=javascript:ShowOrHide(]Changes with Apache 2.2.15[/url] *) SECURITY: CVE-2009-3555 (cve.mitre.org)
mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection
attack when compiled against OpenSSL version 0.9.8m or later. Introduces
the 'SSLInsecureRenegotiation' directive to reopen this vulnerability
and offer unsafe legacy renegotiation with clients which do not yet
support the new secure renegotiation protocol, RFC 5746.
[Joe Orton, and with thanks to the OpenSSL Team] *) SECURITY: CVE-2009-3555 (cve.mitre.org)
mod_ssl: A partial fix for the TLS renegotiation prefix injection attack
by rejecting any client-initiated renegotiations. Forcibly disable
keepalive for the connection if there is any buffered data readable. Any
configuration which requires renegotiation for per-directory/location
access control is still vulnerable, unless using OpenSSL >= 0.9.8l.
[Joe Orton, Ruediger Pluem, Hartmut Keil ] *) SECURITY: CVE-2010-0408 (cve.mitre.org)
mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent
when request headers indicate a request body is incoming; not a case of
HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola ] *) SECURITY: CVE-2010-0425 (cve.mitre.org)
mod_isapi: Do not unload an isapi .dll module until the request
processing is completed, avoiding orphaned callback pointers.
[Brett Gervasoni
, Jeff Trawick] *) SECURITY: CVE-2010-0434 (cve.mitre.org)
Ensure each subrequest has a shallow copy of headers_in so that the
parent request headers are not corrupted. Elimiates a problematic
optimization in the case of no request body. PR 48359
[Jake Scott, William Rowe, Ruediger Pluem] *) mod_reqtimeout: New module to set timeouts and minimum data rates for
receiving requests from the client. [Stefan Fritsch] *) mod_proxy_ajp: Really regard the operation a success, when the client
aborted the connection. In addition adjust the log message if the client
aborted the connection. [Ruediger Pluem] *) mod_negotiation: Preserve query string over multiviews negotiation.
This buglet was fixed for type maps in 2.2.6, but the same issue
affected multiviews and was overlooked.
PR 33112 [Joergen Thomsen Скачать
$IMAGE2$
| 
Ігор Пиляй