-
Mon Mar 28 2022 David Kubat <david.kubat@oracle.com> - 2.4.34-23.0.1.2
- Patch mod_proxy_hcheck: don't pile up health checks. (PR 63010) [Orabug: 33213072]
- replace index.html with Oracle's index page oracle_index.html
- update vstring in specfile
-
Wed Mar 23 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.34-23.2
- Resolves: #2065438 - CVE-2022-22720 httpd24-httpd: httpd: HTTP request
smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier
-
Mon Jan 10 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.34-23.1
- Resolves: #2035056 - CVE-2021-44790 httpd24-httpd: httpd: mod_lua: possible
buffer overflow when parsing multipart content
-
Thu Sep 30 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.34-23
- Resolves: #2007238 - CVE-2021-40438 httpd24-httpd: httpd: mod_proxy: SSRF via
a crafted request uri-path
-
Mon Sep 21 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.34-22
- Resolves: #1869076 - CVE-2020-11984 httpd24-httpd: httpd: mod_proxy_uswgi
buffer overflow
- Resolves: #1607737 - TCP healthchecks failing falsely / not actually checking
- Resolves: #1869078 - CVE-2020-11993 httpd24-httpd: httpd: mod_http2 concurrent
pool usage
-
Wed Sep 02 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.34-21
- Resolves: #1637891 - RHSCL httpd : mod_proxy should allow to specify
Proxy-Authorization in ProxyRemote directive
-
Mon Aug 31 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.34-20
- Resolves: #1869069 - CVE-2020-9490 httpd24-httpd: httpd: Push diary crash
on specifically crafted HTTP/2 header
-
Thu Jul 30 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.34-19
- Resolves: #1823836 - Backport of SessionExpiryUpdateInterval directive
- Resolves: #1600579 - mod_proxy_hcheck Doesn't perform checks in VirtualHost
- Resolves: #1809494 - Backport Apache Bug 53098 - mod_proxy_ajp: patch to set
worker secret passed to tomcat
- Resolves: #1828812 - httpd response contains garbage in Content-Type header
-
Tue Mar 17 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.34-18
- Related: #1743959 (CVE-2019-10098) - CVE-2019-10098 httpd: mod_rewrite
potential open redirect
-
Mon Feb 03 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.34-16
- remove bundled mod_md module
- Resolves: #1788976 - RFE: updated collection for httpd 2.4
- Resolves: #1743959 (CVE-2019-10098) - CVE-2019-10098 httpd: mod_rewrite
potential open redirect