Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: Apache httpd 2.4.33 GA available |
|
Author |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3095 Location: Hilversum, NL, EU
|
Posted: Wed 21 Mar '18 18:11 Post subject: Apache httpd 2.4.33 GA available |
|
|
Apache httpd 2.4.33 is released as GA.
28 March 2018: Update OpenSSL, see changelog
ASF and Apachelounge changes :
www.apachelounge.com/Changelog-2.4.html
See post below for the fixed CVE security vulnerabilities.
Highlights Changelog:
*) Includes fix for mod_proxy_balancer
*) 2.4.32 Was released but not announced by the ASF, because mod_proxy_balancer issue
*) Includes fix for crashing with modules like mod_security
*) mod_md is in 2.4.30 added as an experimental module, not advised to use in production yet, see www.apachelounge.com/viewtopic.php?t=7786
*) 2.4.30 and 2.4.31 not released.
Build with dependencies:
- VC15 openssl 1.1.0h, VC11/14 openssl 1.0.2o
- nghttp2 1.31.0
- jansson 2.11
- curl 7.59.0
- apr 1.6.3
- apr-util 1.6.1 with Crypto OpenSSL enabled
- apr-iconv 1.2.2
- zlib 1.2.11
- brotli lib 1.0.3
- pcre 8.42 with JIT, SUPPORT_UTF, SUPPORT_UNICODE_PROPERTIES, REBUILD_CHARTABLES
- httpd.exe with OPENSSL_Applink and VC14/15 SupportedOS Manifest
- libxml2 2.9.8
- lua 5.2.4
- expat 2.2.5
VC15 notes:
VC15 is backward compatible to VC14. That means, a VC14 module can be used inside a VC15 binary (for example PHP VC14 as module). Because this compatibility the version number of the Redistributable is 14.1x.xx and after you install, the Redistributable VS2015 is updated from 14.0x.xx to VS2017 14.1x.xx (you can still use VC14).
Documentation: http://httpd.apache.org/docs/2.4/
When you have hangs, slow traffic and/or when having in your log entries like Asynchronous AcceptEx failed. You can try the following settings:
AcceptFilter http none
AcceptFilter https none
EnableSendfile off
EnableMMAP off
Enjoy,
Steffen
Last edited by Steffen on Sat 14 Jul '18 10:42; edited 3 times in total |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3095 Location: Hilversum, NL, EU
|
Posted: Sat 24 Mar '18 12:07 Post subject: |
|
|
The ASF forgot tho mention security vulnerabilities fixed in 2.4.30.
Added now to www.apachelounge.com/Changelog-2.4.html
In 2.4.30:
*) SECURITY: CVE-2017-15710 (cve.mitre.org)
Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig enabled
*) CVE-2018-1283 (cve.mitre.org)
mod_session: CGI-like applications that intend to read from mod_session's
'SessionEnv ON' could be fooled into reading user-supplied data instead.
*) SECURITY: CVE-2018-1303 (cve.mitre.org)
mod_cache_socache: Fix request headers parsing to avoid a possible crash
with specially crafted input data.
*) CVE-2018-1301 (cve.mitre.org)
core: Possible crash with excessively long HTTP request headers.
Impractical to exploit with a production build and production LogLevel.
*) CVE-2017-15715 (cve.mitre.org)
core: Configure the regular expression engine to match '$' to the end of
the input string only, excluding matching the end of any embedded
newline characters. Behavior can be changed with new directive
'RegexDefaultOptions'.
*) SECURITY: CVE-2018-1312 (cve.mitre.org)
mod_auth_digest: Fix generation of nonce values to prevent replay
attacks across servers using a common Digest domain. This change
*) CVE-2018-1302 (cve.mitre.org)
mod_http2: Potential crash w/ mod_http2. |
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3095 Location: Hilversum, NL, EU
|
|
Back to top |
|
Steffen Moderator
Joined: 15 Oct 2005 Posts: 3095 Location: Hilversum, NL, EU
|
Posted: Wed 09 May '18 11:56 Post subject: |
|
|
Update available for Microsoft Visual C++ Redistributable for Visual Studio 2017.
See VC15 download page.
Now the version is 14.14.26405.0 |
|
Back to top |
|
admin Site Admin
Joined: 15 Oct 2005 Posts: 693
|
Posted: Wed 11 Jul '18 14:49 Post subject: |
|
|
New version 14.14.26429.4 Microsoft Visual C++ Redistributable for Visual Studio 2017
To update use the link on the VC15 download page. |
|
Back to top |
|
|
|
|
|
|