We will be performing apache update to 2.2.20 this week. This would take place as far as possible during the off-peak hours. There will be no reboot and we expect no noticeable downtime after update.
This update is scheduled as follows:
Date: 04 September 2011 (Sunday) to 11 September 2011 (Sunday)
This version of Apache is principally a security and bug fix release:
* SECURITY: CVE-2011-3192 (cve.mitre.org) core:
Fix handling of byte-range requests to use less memory, to avoid denial of service. If the sum of all ranges in a request is larger than the original file, ignore the ranges and send the complete file. PR 51714.
Some core enhancements include the following:
- Authn/Authz: The bundled authentication and authorization modules have been refactored. The new mod_authn_alias module can greatly simplify certain authentication configurations. See module name changes, and the developer changes for more information about how these changes affects users and module writers.
- Caching: mod_cache, mod_disk_cache, and mod_mem_cache have undergone a lot of changes, and are now considered production-quality. htcacheclean has been introduced to clean up mod_disk_cache setups.
- Configuration: The default configuration layout has been simplified and modularised. Configuration snippets which can be used to enable commonly-used features are now bundled with Apache, and can be easily added to the main server config.
A summary of all of the security vulnerabilities addressed in this and earlier releases is available: http://httpd.apache.org/security/vulnerabilities_22.html
This release includes the Apache Portable Runtime (APR) version 1.4.5 and APR Utility Library (APR-util) version 1.3.12, bundled with the tar and zip distributions. The APR libraries libapr and libaprutil (and on Win32, libapriconv version 1.2.1) must all be updated to ensure binary compatibility and address many known security and platform bugs.
الاثنين, سبتمبر/التاسع 5, 2011
Powered by WHMCompleteSolution
