- CVE-2020-1927: a vulnerability in mod_rewrite that allows the server to be used to forward requests to other resources (open redirect). Some mod_rewrite settings can cause the user to be sent to a different link, encoded using a newline character inside a parameter used in an existing redirect.
- CVE-2020-1934: a vulnerability in mod_proxy_ftp. Use of uninitialized values can lead to a memory leak when proxying requests to an FTP server controlled by an attacker.
- A memory leak in mod_ssl that occurs when chaining OCSP requests.
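
A log check a defender could run for the CVE-2020-1927 pattern described above, as an added example that is not from the original article: it flags access-log entries whose request target carries a percent-encoded CR or LF and that the server answered with a redirect. The log lines are constructed samples, and the Common Log Format layout and the function names are assumptions.

```python
import re
from urllib.parse import unquote

# Assumed layout (Common Log Format prefix):
# host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def has_encoded_newline(target):
    """True if one round of percent-decoding yields CR or LF in the target."""
    decoded = unquote(target)
    return "\r" in decoded or "\n" in decoded


def suspicious_redirects(lines):
    """Return (client, time, target, status) for 3xx responses to requests
    whose target contained an encoded newline."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed format; skip rather than guess
        client, when, _method, target, status = m.groups()
        if status.startswith("3") and has_encoded_newline(target):
            hits.append((client, when, target, int(status)))
    return hits


# Constructed sample entries (documentation address ranges, placeholder paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Apr/2020:10:01:12 +0000] "GET /docs HTTP/1.1" 301 236',
    '198.51.100.23 - - [02/Apr/2020:10:02:40 +0000] '
    '"GET /old/page%0Aexample.invalid HTTP/1.1" 302 210',
    '198.51.100.23 - - [02/Apr/2020:10:02:41 +0000] '
    '"GET /search?q=a%0ab HTTP/1.1" 200 5120',
    '192.0.2.44 - - [02/Apr/2020:10:03:05 +0000] "GET /old/%0dpage HTTP/1.1" 301 240',
]

if __name__ == "__main__":
    for client, when, target, status in suspicious_redirects(SAMPLE_LOG):
        print(f"{when} {client} {status} {target}")
```

A hit only means the request deserves a look at the `Location` value the server returned; whether a given rewrite rule is affected depends on its configuration.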
The most notable non-security changes:
- A new module, mod_systemd, has been added, providing integration with the systemd system manager. The module allows httpd to be used in services of type "Type=notify".
- Cross-compilation support has been added to apxs.
- The capabilities of the mod_md module, developed by the Let's Encrypt project to automate obtaining and maintaining certificates using the ACME (Automatic Certificate Management Environment) protocol, have been extended:
  - Added the MDContactEmail directive, through which you can specify a contact e-mail that does not overlap with the data from the ServerAdmin directive.
  - For all virtual hosts, support for the protocol used when negotiating a secure communication channel ("tls-alpn-01") is verified.
  - Allowed mod_md directives to be used in blocks and .
  - Ensured that previous settings are overwritten when MDCAChallenges is used again.
  - Added the ability to configure the URL for the CTLog Monitor.
  - For commands defined in the MDMessageCmd directive, a call with the argument "installed" is made when a new certificate is activated after a server restart (for example, it can be used to copy or convert the new certificate for other applications).
- mod_proxy_hcheck added support for the %{Content-Type} mask in check expressions.
- The CookieSameSite, CookieHTTPOnly and CookieSecure modes have been added to mod_usertrack to configure handling of the usertrack cookie.
- mod_proxy_ajp implements a "secret" option for proxy handlers to support the legacy AJP13 authentication protocol.
- Added a configuration set for OpenWRT.
- Added support in mod_ssl for using private keys and certificates from the OpenSSL ENGINE by specifying a PKCS#11 URI in SSLCertificateFile/KeyFile.
- Testing has been implemented using the Travis CI continuous integration system.
- Parsing of Transfer-Encoding headers has been tightened.
- mod_ssl provides TLS protocol negotiation with respect to virtual hosts (supported when built with OpenSSL-1.1.1+).
- By using hashing for the command tables, restarts in "graceful" mode are faster (without interrupting running request handlers).
- Added read-only tables r:headers_in_table, r:headers_out_table, r:err_headers_out_table, r:notes_table and r:subprocess_env_table to mod_lua. Tables are allowed to be assigned the value "nil".
- In mod_authn_socache the limit on the size of a cached line has been raised from 100 to 256.
Source: opennet.ru