httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Craig Young <>
Subject Re: [users@httpd] RE: [ANNOUNCE] Apache HTTP Server 2.4.29 Released
Date Wed, 25 Oct 2017 21:02:41 GMT
I’m not sure if this is what is referred to in the Apache 2.4.29 announcement, but please
note that the Apache Portable Runtime v1.6.3 release resolved memory safety issues I found
in functions used within HTTP server.  This was released in conjunction with 2.4.29.

Using HTTP server linked to prior versions of APR exposes the risks outlined in my email sent
to this list on Monday.

Best Regards,

On 10/25/17, 1:05 PM, "Development Manager" <> wrote:

    The 2.4.29 changes document doesn't reference any CVE articles, though the announcement
indicates that this is a security release. Are any of the 2.4.29 changes security related?
    To unsubscribe, e-mail:
    For additional commands, e-mail:

View raw message