-
Mon Aug 24 2015 Kevin Lyons <kevin.x.lyons@oracle.com> - 2.4.6-31.0.1.el7_1.1
- replace index.html with Oracle's index page oracle_index.html
-
Mon Aug 10 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-31.1
- core: fix chunk header parsing defect (CVE-2015-3183)
- core: replace of ap_some_auth_required with ap_some_authn_required
and ap_force_authn hook (CVE-2015-3185)
-
Tue Dec 02 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-31
- mod_proxy_fcgi: determine if FCGI_CONN_CLOSE should be enabled
instead of hardcoding it (#1168050)
- mod_proxy: support Unix Domain Sockets (#1168081)
-
Tue Nov 25 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-30
- core: fix bypassing of mod_headers rules via chunked requests (CVE-2013-5704)
- mod_cache: fix NULL pointer dereference on empty Content-Type (CVE-2014-3581)
-
Tue Nov 04 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-29
- rebuild against proper version of OpenSSL (#1080125)
-
Wed Oct 22 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-28
- set vstring based on /etc/os-release (#1114123)
-
Mon Oct 06 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-27
- fix the dependency on openssl-libs to match the fix for #1080125
-
Mon Sep 22 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-26
- allow <Auth*ProviderAlias>'es to be seen under virtual hosts (#1131847)
-
Fri Sep 19 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-25
- do not use hardcoded curve for ECDHE suites (#1080125)
-
Wed Sep 03 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-24
- allow reverse-proxy to be set via SetHandler (#1136290)