JAX London 2014: A retrospective

Bug Fix and Security Updates for Apache HTTP Server 2.2.15

jt

The Apache HTTP Server Project have released version 2.2.15 of the Apache HTTP Server (httpd.)

This version of httpd is principally a security and bug fix release. Version 2.2.15 is updated in accordance with version 0.9.8m of the OpenSSL Project’s openssl library, and addresses the TLS renegotiation prefix injection attack ‘CVE-2009-3555.’The subrequest handling of request headers has been updated to always provide a shallow copy of the headers_in array to the subrequest. Version 2.2.15 introduces a new module to set timeouts and minimum data rates for receiving requests from the client.

Please see the Change Log for a full list of security updates and bug fixes.

Apache HTTP Server 2.2.15 is compatible with Apache Portable Runtime versions 1.3 and 1.4, APR-util library version 1.3, and APR-iconv library version 1.2.

Author
Comments
comments powered by Disqus