Changelog for
mod_ssl-2.4.57-5.el9.i686.rpm :
* Thu Jul 20 2023 Tomas Korbar
- 2.4.57-5- Fix issue found by covscan- Related: #2222001
* Tue Jul 18 2023 Joe Orton - 2.4.57-4- Resolves: #2217726 - Make PROPFIND tolerant of deletion race
* Tue Jul 11 2023 Tomas Korbar - 2.4.57-3- Resolves: #2222001 - mod_status lists BusyWorkers IdleWorkers keys twice
* Fri Apr 14 2023 Luboš Uhliarik - 2.4.57-2- Resolves: #2186645 - Fix issue found by covscan in httpd package- Resolves: #2173295 - Include Apache httpd module mod_authnz_fcgi
* Tue Apr 11 2023 Luboš Uhliarik - 2.4.57-1- Resolves: #2184403 - rebase httpd to 2.4.57- Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with mod_rewrite and mod_proxy
* Mon Jan 30 2023 Luboš Uhliarik - 2.4.53-11- Resolves: #2162500 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write of zero byte- Resolves: #2162486 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting- Resolves: #2162510 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request smuggling
* Tue Jan 24 2023 Luboš Uhliarik - 2.4.53-10- Resolves: #2160667 - prevent sscg creating /dhparams.pem
* Thu Dec 08 2022 Luboš Uhliarik - 2.4.53-9- Resolves: #2143176 - Dependency from mod_http2 on httpd broken
* Tue Dec 06 2022 Luboš Uhliarik - 2.4.53-8- Resolves: #2151313 - reduce AH03408 log level from WARNING to INFO
* Wed Jul 20 2022 Luboš Uhliarik - 2.4.53-7- Resolves: #2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling- Resolves: #2097032 - CVE-2022-28615 httpd: out-of-bounds read in ap_strcmp_match()- Resolves: #2098248 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism- Resolves: #2097016 - CVE-2022-28614 httpd: out-of-bounds read via ap_rwrite()- Resolves: #2097452 - CVE-2022-29404 httpd: mod_lua: DoS in r:parsebody- Resolves: #2097459 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability- Resolves: #2097481 - CVE-2022-30556 httpd: mod_lua: Information disclosure with websockets
* Mon Jun 27 2022 Luboš Uhliarik - 2.4.53-6- Related: #2065677 - httpd minimisation for ubi-micro
* Fri Jun 24 2022 Luboš Uhliarik - 2.4.53-5- Resolves: #2098056 - mod_ldap: High CPU usage at apr_ldap_rebind_remove()
* Thu Jun 16 2022 Luboš Uhliarik - 2.4.53-4- Resolves: #2095838 - mod_mime_magic: invalid type 0 in mconvert()
* Wed Jun 01 2022 Luboš Uhliarik - 2.4.53-3- Resolves: #2065677 - httpd minimisation for ubi-micro- minimize httpd dependencies (new httpd-core package)- mod_systemd and mod_brotli are now packaged in the main httpd package
* Tue May 31 2022 Luboš Uhliarik - 2.4.53-1- new version 2.4.53- Resolves: #2079939 - httpd rebase to 2.4.53- Resolves: #2075406 - httpd.conf uses icon bomb.gif for all files/dirs ending with core
* Mon Apr 11 2022 Luboš Uhliarik - 2.4.51-8- Resolves: #2073459 - Cannot override LD_LIBARY_PATH in Apache HTTPD using SetEnv or PassEnv
* Mon Mar 21 2022 Luboš Uhliarik - 2.4.51-7- Resolves: #2065251 - CVE-2022-22720 httpd: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier- Resolves: #2066311 - CVE-2021-44224 httpd: possible NULL dereference or SSRF in forward proxy configurations
* Mon Jan 10 2022 Luboš Uhliarik - 2.4.51-5- Resolves: #2035064 - CVE-2021-44790 httpd: mod_lua: possible buffer overflow when parsing multipart content
* Mon Dec 06 2021 Neal Gompa - 2.4.51-4- Use NAME from os-release(5) for vendor string Resolves: #2029071 - httpd on CentOS identifies as RHEL
* Fri Dec 03 2021 Joe Orton - 2.4.51-3- add fixes for static analyzer issues (#1938740)
* Mon Nov 08 2021 Luboš Uhliarik - 2.4.51-2- Resolves: #2005416 - httpd default configuration changes
* Tue Oct 19 2021 Luboš Uhliarik - 2.4.51-1- new version 2.4.51 (#2011090)
* Fri Sep 17 2021 Luboš Uhliarik - 2.4.49-1- new version 2.4.49 (#2005339)
* Wed Sep 15 2021 Luboš Uhliarik - 2.4.48-18- Resolves: #2004143 - RFE: mod_ssl: allow sending multiple CA names which differ only in case
* Mon Aug 09 2021 Mohan Boddu - 2.4.48-17- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688
* Fri Aug 06 2021 Luboš Uhliarik - 2.4.48-16- Resolves: #1956386 - Apache trademark update - new logo
* Fri Aug 06 2021 Florian Weimer - 2.4.48-14- Rebuild to pick up new build flags from redhat-rpm-config (#1984652)
* Wed Jul 28 2021 Joe Orton - 2.4.48-13- mod_ssl: OpenSSL 3 compatibility update (#1986822)