mod_proxy_html-2.4.57-1.an3.x86_64
[46 KiB] |
Changelog
by JoungKyun.Kim (2023-08-26):
- update 2.4.57
see also https://downloads.apache.org/httpd/CHANGES_2.4.57
- security issues
. CVE-2023-27522: mod_proxy_uwsgi HTTP response splitting
. CVE-2023-25690: mod_rewrite, mod_proxy HTTP request splitting
|
mod_proxy_html-2.4.55-1.an3.x86_64
[46 KiB] |
Changelog
by JoungKyun.Kim (2023-02-08):
- update 2.4.55
see also https://downloads.apache.org/httpd/CHANGES_2.4.55
- security issues
. CVE-2022-37436: mod_proxy allows a backend to trigger HTTP response splitting
. CVE-2022-36760: mod_proxy_ajp Possible request smuggling
. CVE-2006-20001: mod_dav out of bounds read, or write of zero byte
|
mod_proxy_html-2.4.54-1.an3.x86_64
[46 KiB] |
Changelog
by JoungKyun.Kim (2022-08-27):
- update 2.4.54
see also https://downloads.apache.org/httpd/CHANGES_2.4.54
- security issues
. CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism
. CVE-2022-30556: Information Disclosure in mod_lua with websockets
. CVE-2022-30522: mod_sed denial of service
. CVE-2022-29404: Denial of service in mod_lua r:parsebody
. CVE-2022-28615: Read beyond bounds in ap_strcmp_match()
. CVE-2022-28614: read beyond bounds via ap_rwrite()
. CVE-2022-28330: read beyond bounds in mod_isapi
. CVE-2022-26377: mod_proxy_ajp: Possible request smuggling
|
mod_proxy_html-2.4.53-1.an3.x86_64
[45 KiB] |
Changelog
by JoungKyun.Kim (2022-03-25):
- update 2.4.53
see also https://downloads.apache.org/httpd/CHANGES_2.4.53
- security issues
. CVE-2022-22719 lua: uninitialized value of in r:parsebody
. CVE-2022-22720 HTTP request smuggling vulnerability
. CVE-2022-22721 core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody
. CVE-2022-23943 sed: Read/write beyond bounds
|
mod_proxy_html-2.4.52-1.an3.x86_64
[45 KiB] |
Changelog
by JoungKyun.Kim (2021-12-29):
- update 2.5.52
see also https://downloads.apache.org/httpd/CHANGES_2.4.52
- security issues
. CVE-2021-44790 lua: Possible buffer overflow when parsing multipart content
. CVE-2021-44224 proxy: Possible NULL dereference or SSRF in forward proxy configurations
|
mod_proxy_html-2.4.51-1.an3.x86_64
[44 KiB] |
Changelog
by JoungKyun.Kim (2021-10-13):
- update 2.4.51
see also https://downloads.apache.org/httpd/CHANGES_2.4.50
see also https://downloads.apache.org/httpd/CHANGES_2.4.51
- security isseus
. CVE-2021-42013 core: Path traversal and file disclosure vulnerability
. CVE-2021-41773 core: Path traversal and file disclosure vulnerability
. CVE-2021-41524 core: null pointer dereference in h2 fuzzing
|
mod_proxy_html-2.4.49-1.an3.x86_64
[44 KiB] |
Changelog
by JoungKyun.Kim (2021-10-03):
- update 2.4.49
see also https://downloads.apache.org/httpd/CHANGES_2.4.49
- security issues
. CVE-2021-34798 core: null pointer dereference on malformed request
. CVE-2021-39275 core: ap_escape_quotes buffer overflow
. CVE-2021-33193 mod_http2: Request splitting vulnerability with mod_proxy
. CVE-2021-40438 mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty
. CVE-2021-36160 mod_proxy_uwsgi: Out of bound read vulnerability
|
mod_proxy_html-2.4.48-1.an3.x86_64
[43 KiB] |
Changelog
by JoungKyun.Kim (2021-07-22):
- update 2.4.48
see also https://downloads.apache.org/httpd/CHANGES_2.4.46
- security issues
. CVE-2021-31618
. CVE-2021-30641
. CVE-2020-35452
. CVE-2021-26691
. CVE-2021-26690
. CVE-2020-13950
. CVE-2020-13938
. CVE-2019-17567
|
mod_proxy_html-2.4.46-1.an3.x86_64
[43 KiB] |
Changelog
by JoungKyun.Kim (2020-08-17):
- update 2.4.46
see also https://downloads.apache.org/httpd/CHANGES_2.4.44
see also https://downloads.apache.org/httpd/CHANGES_2.4.45
see also https://downloads.apache.org/httpd/CHANGES_2.4.46
- security issues
. CVE-2020-11984
. CVE-2020-11993
|
mod_proxy_html-2.4.43-1.an3.x86_64
[43 KiB] |
Changelog
by JoungKyun.Kim (2020-04-06):
- update 2.4.43
see also https://downloads.apache.org/httpd/CHANGES_2.4.43
- security issues
. CVE-2020-1934
. CVE-2020-1927
|
mod_proxy_html-2.4.41-1.an3.x86_64
[43 KiB] |
Changelog
by JoungKyun.Kim (2019-08-24):
- update 2.4.41
see also http://www.apache.org/dist/httpd/CHANGES_2.4.41
- security issues
. CVE-2019-10081 mod_http2
. CVE-2019-9517 mod_http2
. CVE-2019-10098 rewrite
. CVE-2019-10092
. CVE-2019-10097 mod_remoteip
. CVE-2019-10082 mod_http2
|
mod_proxy_html-2.4.39-1.an3.x86_64
[42 KiB] |
Changelog
by JoungKyun.Kim (2019-05-13):
- update 2.4.39
see also http://www.apache.org/dist/httpd/CHANGES_2.4.36
see also http://www.apache.org/dist/httpd/CHANGES_2.4.37
see also http://www.apache.org/dist/httpd/CHANGES_2.4.38
see also http://www.apache.org/dist/httpd/CHANGES_2.4.39
- support TLS 1.3
- security issues
. CVE-2019-0197 mod_http2
. CVE-2019-0196 mod_http2
. CVE-2019-0211 MPM
. CVE-2019-0217 mod_auth_digest
. CVE-2019-0215 mod_ssl
. CVE-2019-0190 mod_ssl
. CVE-2019-0220 Merge consecutive slashes in URL's. Opt-out with `MergeSlashes OFF`
. CVE-2018-17199 mod_session_cookie
. CVE-2018-17189 mod_http2
|
mod_proxy_html-2.4.37-1.an3.x86_64
[42 KiB] |
Changelog
by JoungKyun.Kim (2018-12-10):
- update 2.4.37
see also http://www.apache.org/dist/httpd/CHANGES_2.4.37
|
mod_proxy_html-2.4.35-1.an3.x86_64
[42 KiB] |
Changelog
by JoungKyun.Kim (2018-10-13):
- update 2.4.35
see also http://www.apache.org/dist/httpd/CHANGES_2.4.35
|
mod_proxy_html-2.4.34-1.an3.x86_64
[41 KiB] |
Changelog
by JoungKyun.Kim (2018-08-19):
- update 2.4.34
see also http://www.apache.org/dist/httpd/CHANGES_2.4.34
- security issues
. CVE-2018-8011 mod_md
DoS via Coredumps on specially crafted requests
. CVE-2018-1333 mod_http2
DoS for HTTP/2 connections by specially crafted requests
|
mod_proxy_html-2.4.33-1.an3.x86_64
[41 KiB] |
Changelog
by JoungKyun.Kim (2018-04-08):
- update 2.4.33
see also http://www.apache.org/dist/httpd/CHANGES_2.4.33
see also http://www.apache.org/dist/httpd/CHANGES_2.4.32
see also http://www.apache.org/dist/httpd/CHANGES_2.4.29
- add mod_md module
- security issues
. CVE-2017-15710 mod_authnz_ldap:
Out of bound write with AuthLDAPCharsetConfig enabled
. CVE-2017-15715 core:
Configure the regular expression engine to match '$' to the end of
the input string only, excluding matching the end of any embedded
newline characters. Behavior can be changed with new directive
'RegexDefaultOptions'.
. CVE-2018-1283 mod_session:
CGI-like applications that intend to read from mod_session's
'SessionEnv ON' could be fooled into reading user-supplied data instead.
. CVE-2018-1301 core:
Possible crash with excessively long HTTP request headers.
Impractical to exploit with a production build and production LogLevel.
. CVE-2018-1302 mod_http2: Potential crash w/ mod_http2
. CVE-2018-1303 mod_cache_socache:
Fix request headers parsing to avoid a possible crash
with specially crafted input data.
. CVE-2018-1312 mod_auth_digest:
Fix generation of nonce values to prevent replay
attacks across servers using a common Digest domain. This change
may cause problems if used with round robin load balancers.
|
mod_proxy_html-2.4.28-1.an3.x86_64
[39 KiB] |
Changelog
by JoungKyun.Kim (2017-10-14):
- update 2.4.28
see also http://www.apache.org/dist/httpd/CHANGES_2.4.28
- security issues
. CVE-2017-9798
Corrupted or freed memory access.
. PR61382
mod_http2: Fix for stalling when more than 32KB are written to a suspended stream.
|
mod_proxy_html-2.4.27-1.an3.x86_64
[39 KiB] |
Changelog
by JoungKyun.Kim (2017-07-17):
- update 2.4.27
see also http://www.apache.org/dist/httpd/CHANGES_2.4.27
- security issues
. CVE-2017-7679
. CVE-2017-7668
. CVE-2017-7659
. CVE-2017-3169
. CVE-2017-3167
|
mod_proxy_html-2.4.25-1.an3.x86_64
[38 KiB] |
Changelog
by JoungKyun.Kim (2017-01-21):
- update 2.4.25
see also http://www.apache.org/dist/httpd/CHANGES_2.4.25
- security issues
. CVE-2016-8740
. CVE-2016-2161
. CVE-2016-0736
. CVE-2016-8743
|
mod_proxy_html-2.4.23-2.an3.x86_64
[38 KiB] |
Changelog
by JoungKyun.Kim (2016-08-25):
- support package name alias http-ssl, http-ldap, http-proxy-html, http-session
|
mod_proxy_html-2.4.23-1.an3.x86_64
[38 KiB] |
Changelog
by JoungKyun.Kim (2016-07-21):
- update 2.4.23
- security issues
. CVE-2016-5387
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and
therefore does not protect applications from the presence of untrusted
client data in the HTTP_PROXY environment variable, which might allow
remote attackers to redirect an application's outbound HTTP traffic to an
arbitrary proxy server via a crafted Proxy header in an HTTP request, aka
an "httpoxy" issue.
|
mod_proxy_html-2.4.18-3.an3.x86_64
[79 KiB] |
Changelog
by JoungKyun.Kim (2016-02-03):
- move ssl.conf to httpd-conf package
|
mod_proxy_html-2.4.18-2.an3.x86_64
[79 KiB] |
Changelog
by JoungKyun.Kim (2016-02-01):
- support ALPN for http2
|
mod_proxy_html-2.4.18-1.an3.x86_64
[79 KiB] |
Changelog
by JoungKyun.Kim (2016-01-14):
- update 2.4.18
|
mod_proxy_html-2.4.17-2.an3.x86_64
[79 KiB] |
Changelog
by JoungKyun.Kim (2015-12-15):
- fixed perl dependency problems
|
mod_proxy_html-2.4.17-1.an3.x86_64
[79 KiB] |
Changelog
by JoungKyun.Kim (2015-11-11):
- update 2.4.17
|
mod_proxy_html-2.4.16-1.an3.x86_64
[79 KiB] |
Changelog
by JoungKyun.Kim (2015-08-31):
- update 2.4.16
- security issues
. CVE-2015-3183
. CVE-2015-3185
. CVE-2015-0253
. CVE-2015-0228
|
mod_proxy_html-2.4.12-1.an3.x86_64
[79 KiB] |
Changelog
by JoungKyun.Kim (2015-02-03):
- update 2.4.12
- add External404Title directive
- fixed broken korean in SSI
|