ProHoster > Π‘Π»ΠΎΠ³ > interrete nuntium > Apache http servo release 2.4.48

Apache http servo release 2.4.48

Emissio Apache HTTP 2.4.48 divulgata est (dimissio 2.4.47 omissa est), quae 39 mutationes inducit et 8 vulnerabilitates eliminat;

  • CVE-2021-30641 - falsa operatio sectionis in "MergeSlashes OFF' modus;
  • CVE-2020-35452 - Unius acervus byte nullus exundat in mod_auth_digest;
  • CVE-2021-31618, CVE-2020-26691, CVE-2020-26690, CVE-2020-13950 - NULLUS monstrator dereferences in mod_http 2, mod_sessione ac modo proxy;
  • CVE-2020-13938 - Possibilitas impediendi processum httpd ab unprivilego usuario in Fenestra;
  • CVE-2019-17567 - Protocollum tractationum quaestiones in mod_proxy_stunnel et modo proxy_http.

Praecipuae mutationes securitatis non- sunt:

  • Addidit ProxyWebsocketFallbackToProxyHttp occasum ad mod_proxy_wstunnel ut disable transitus ad utendi mod_proxy_http pro WebSocket.
  • Core servo API includit functiones SSL relatas quae nunc praesto sunt sine mod_ssl moduli (exempli gratia, mod_md moduli ad praebendas claves et testimoniales praebens).
  • Processus of OCSP (Protocol Status certificatorium Online) responsionum moD_ssl/mod_md ad partem basim mota est, quae alios modulos OCSP datas accedere et responsa OCSP generare sinit.
  • mod_md usu larvis in directivis MDomains concedit, exempli gratia "MDomain *.host.net". In MDPrivateKeys directivum permittit ut diversa genera clavium specificans, exempli gratia "MDPrivateKeys secp384r1 rsa2048" usum testimoniorum ECDSA et RSA permittit. Firmamentum legatum ACMEv1 protocollo instructum est.
  • Addidit subsidium Luae 5.4 ad mod_lua.
  • Renovata versio mod_http2 moduli. Emendato errore tractatio. Adiecit 'H2OutputBuffering in/off' optionem ad imperium output buffering (enabled by default).
  • Mod_dav_FileETag instrumentorum directivorum "Digesti" modum generandi ETag substructio in cursorio contentorum.
  • mod_proxy permittit te uti ProxyErrorOverride circumscribere ad certos status codes.
  • Novae normae ReadBufferSize, FlushMaxThreshold et FlushMaxPipelined impletae sunt.
  • mod_rewrite instrumentorum processus of SameSite attributi cum parsing [CO] (crustulum) vexillum in RewriteRule directivum.
  • Hamus check_trans additus est ad mod_proxy ut petitiones reiciat in gradu praematuro.

Source: opennet.ru