-
Mon Dec 20 2021 Kaylin Devchand <kaylin.devchand@oracle.com> - 2.4.37-39.2.0.2
- mod_session: save one apr_strtok() [Orabug: 33338149][CVE-2021-26690]
-
Mon Dec 20 2021 EL Errata <el-errata_ww@oracle.com> - 2.4.37-39.2.0.1
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html
-
Fri Oct 29 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-39.2
- Resolves: #2017856 - proxy rewrite to unix socket fails with CVE-2021-40438
fix
-
Thu Sep 30 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-39.1
- Resolves: #2007234 - CVE-2021-40438 httpd:2.4/httpd: mod_proxy: SSRF via
a crafted request uri-path
- Resolves: #2007646 - CVE-2021-26691 httpd:2.4/httpd: Heap overflow in
mod_session
-
Tue Jan 26 2021 Artem Egorenkov <aegorenk@redhat.com> - 2.4.37-39
- prevent htcacheclean from while break when first file processed
-
Tue Jan 26 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-38
- Resolves: #1918741 - Thousands of /tmp/modproxy.tmp.* files created by apache
-
Wed Dec 09 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-37
- Resolves: #1883648 - [RFE] Update httpd directive SSLProxyMachineCertificateFile
to be able to handle certs without matching private key
-
Mon Nov 30 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-36
- Resolves: #1896176 - [RFE] ProxyWebsocketIdleTimeout from httpd
mod_proxy_wstunnel
- Resolves: #1847585 - mod_ldap: High CPU usage at apr_ldap_rebind_remove()
-
Wed Nov 11 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-35
- Resolves: #1651376 - centralizing default index.html for httpd
-
Fri Nov 06 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-33
- Resolves: #1868608 - Intermittent Segfault in Apache httpd due to pool
concurrency issues
- Resolves: #1861380 - httpd/mod_proxy_http/mod_ssl aborted when sending
a client cert to backend server
- Resolves: #1680118 - unorderly connection close when client attempts
renegotiation