Project httpd-1:2.4.57-11.el9.1.inferit content_copy

×

* Fri Sep 06 2024 Alexey Berezhok <aberezhok@msvsphere-os.ru> - 1:2.4.57-11.1.inferit
- Added LS support

* Mon Aug 05 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.57-11.1
- Resolves: RHEL-46047 - httpd: Security issues via backend applications whose
  response headers are malicious or exploitable (CVE-2024-38476)
- Resolves: RHEL-53021 - Regression introduced by CVE-2024-38474 fix

* Thu Jul 04 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.57-11
- Resolves: RHEL-45792 -  httpd: Encoding problem in
  mod_proxy (CVE-2024-38473)

* Wed Jul 03 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.57-9
- Resolves: RHEL-45766 -  httpd: null pointer dereference in
  mod_proxy (CVE-2024-38477)
- Resolves: RHEL-45749 - httpd: Potential SSRF in mod_rewrite (CVE-2024-39573)
- Resolves: RHEL-45818 - httpd: Substitution encoding issue in
  mod_rewrite (CVE-2024-38474)
- Resolves: RHEL-45771 - httpd: Improper escaping of output in
  mod_rewrite (CVE-2024-38475)

* Wed Feb 07 2024 Joe Orton <jorton@redhat.com> - 2.4.57-8
- mod_xml2enc: fix media type handling
  Resolves: RHEL-17686
- mod_dav: add DavBasePath
  Resolves: RHEL-6600

* Mon Feb 05 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.4.57-7
- Resolves: RHEL-14447 - httpd: mod_macro: out-of-bounds read
  vulnerability (CVE-2023-31122)

* Tue Dec 19 2023 Sergey Cherevko <s.cherevko@msvsphere-os.ru> - 2.4.57-5.inferit
- Rebuilt for MSVSphere 9.3

* Wed Oct 04 2023 Joe Orton <jorton@redhat.com> - 2.4.57-6
- Resolves: RHEL-5071 - mod_dav_fs: add DavLockDBType
- mod_dav_fs: add global mutex around lockdb interaction

* Thu Jul 20 2023 Tomas Korbar <tkorbar@redhat.com> - 2.4.57-5
- Fix issue found by covscan
- Related: #2222001

* Tue Jul 18 2023 Joe Orton <jorton@redhat.com> - 2.4.57-4
- Resolves: #2217726 - Make PROPFIND tolerant of deletion race

* Tue Jul 11 2023 Tomas Korbar <tkorbar@redhat.com> - 2.4.57-3
- Resolves: #2222001 - mod_status lists BusyWorkers IdleWorkers keys twice

* Wed Jun 21 2023 Sergey Cherevko <s.cherevko@msvsphere.ru> - 2.4.53-11.5.inferit
- Rebuilt for MSVSphere 9.2

* Thu Jun 01 2023 Sergey Cherevko <s.cherevko@msvsphere.ru> - 2.4.53-11.4.inferit
- Rebuilt for MSVSphere 9.2

* Fri Apr 28 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-11.5
- Resolves: #2190324 - mod_rewrite regression with CVE-2023-25690

* Fri Apr 14 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.57-2
- Resolves: #2186645 - Fix issue found by covscan in httpd package
- Resolves: #2173295 - Include Apache httpd module mod_authnz_fcgi

* Thu Apr 13 2023 Alexey Lyubimov <a.lyubimov@msvsphere.ru> - 2.4.53-7.5.inferit.1
- Fix spec changelog records ordering

* Tue Apr 11 2023 Alexey Lyubimov <a.lyubimov@msvsphere.ru> - 2.4.53-7.inferit
- MSVSphere 9.1 changes, symlinking and creating alias for test-page-background.png

* Tue Apr 11 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.57-1
- Resolves: #2184403 - rebase httpd to 2.4.57
- Resolves: #2177753 - CVE-2023-25690 httpd: HTTP request splitting with
  mod_rewrite and mod_proxy

* Wed Mar 15 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 2.4.53-11
- Rebuilt for MSVSphere 9.1.

* Mon Jan 30 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-11
- Resolves: #2162500 - CVE-2006-20001 httpd: mod_dav: out-of-bounds read/write
  of zero byte
- Resolves: #2162486 - CVE-2022-37436 httpd: mod_proxy: HTTP response splitting
- Resolves: #2162510 - CVE-2022-36760 httpd: mod_proxy_ajp: Possible request
  smuggling

* Tue Jan 24 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-10
- Resolves: #2160667 - prevent sscg creating /dhparams.pem

* Thu Dec 08 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-9
- Resolves: #2143176 - Dependency from mod_http2 on httpd broken

* Tue Dec 06 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-8
- Resolves: #2151313 - reduce AH03408 log level from WARNING to INFO