[ol8_appstream] mod_session-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.x86_64

Name:	mod_session
Version:	2.4.37
Release:	41.0.1.module+el8.5.0+20323+c8e0c271
Architecture:	x86_64
Module:	httpd:2.4:8050020210712211742:b4937e53
Group:	System Environment/Daemons
Size:	114527
License:	ASL 2.0
RPM:	mod_session-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.x86_64.rpm
Source RPM:	httpd-2.4.37-41.0.1.module+el8.5.0+20323+c8e0c271.src.rpm
Build Date:	Mon Oct 11 2021
Build Host:	build-ol8-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://httpd.apache.org/
Summary:	Session interface for the Apache HTTP Server
Description:	The mod_session module and associated backends provide an abstract interface for storing and accessing per-user session data.

Changelog (Show File list) (Show related packages)

Mon Oct 11 2021 EL Errata <el-errata_ww@oracle.com> - 2.4.37-41.0.1

- Add checks on the configured UDS path [Orabug: 33412270][CVE-2021-40438]
- Set vstring per ORACLE_SUPPORT_PRODUCT [Orabug: 29892262]
- Replace index.html with Oracle's index page oracle_index.html

Fri Jul 09 2021 Luboš Uhliarik <luhliari@redhat.com> - 2.4.37-41

- Resolves: #1680111 - httpd sends reply to HTTPS GET using two TLS records
- Resolves: #1905613 - mod_ssl does not like valid certificate chain
- Resolves: #1935742 - [RFE] backport samesite/httponly/secure flags for
  usertrack
- Resolves: #1972500 - CVE-2021-30641 httpd:2.4/httpd: MergeSlashes regression
- Resolves: #1968307 - CVE-2021-26690 httpd:2.4/httpd: mod_session NULL pointer
  dereference in parser
- Resolves: #1934741 - Apache trademark update - new logo

Fri May 14 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-40

- Resolves: #1952557 - mod_proxy_wstunnel.html is a malformed XML
- Resolves: #1937334 - SSLProtocol with based virtual hosts

Tue Jan 26 2021 Artem Egorenkov <aegorenk@redhat.com> - 2.4.37-39

- prevent htcacheclean from while break when first file processed

Tue Jan 26 2021 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-38

- Resolves: #1918741 - Thousands of /tmp/modproxy.tmp.* files created by apache

Wed Dec 09 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-37

- Resolves: #1883648 - [RFE] Update httpd directive SSLProxyMachineCertificateFile
  to be able to handle certs without matching private key

Mon Nov 30 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-36

- Resolves: #1896176 - [RFE] ProxyWebsocketIdleTimeout from httpd
  mod_proxy_wstunnel
- Resolves: #1847585 - mod_ldap: High CPU usage at apr_ldap_rebind_remove()

Wed Nov 11 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-35

- Resolves: #1651376 - centralizing default index.html for httpd

Fri Nov 06 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-33

- Resolves: #1868608 - Intermittent Segfault in Apache httpd due to pool
  concurrency issues
- Resolves: #1861380 - httpd/mod_proxy_http/mod_ssl aborted when sending
  a client cert to backend server
- Resolves: #1680118 - unorderly connection close when client attempts
  renegotiation

Thu Oct 29 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.37-31

- Resolves: #1677590 - CVE-2018-17199 httpd:2.4/httpd: mod_session_cookie does
  not respect expiry time
- Resolves: #1869075 - CVE-2020-11984 httpd:2.4/httpd: mod_proxy_uswgi buffer
  overflow
- Resolves: #1872828 - httpd: typo in htpasswd, contained in httpd-tools package
- Resolves: #1869576 - httpd : mod_proxy should allow to specify
  Proxy-Authorization in ProxyRemote directive
- Resolves: #1875844 - mod_cgid takes CGIDScriptTimeout x 2 seconds for timeout
- Resolves: #1891829 - mod_proxy_hcheck Doesn't perform checks when in
  a balancer