httpd 2.2.21 now available

September 22, 2011 by · 12 Comments 

I've just made httpd 2.2.21 available in my repos.  No other packages were updated or rebuilt so with any luck this will be a smooth upgrade for everyone.

For those that don't know, aside from a few bug fixes here and there, httpd 2.2.21 fixes another DoS bug (this time in mod_proxy_ajp) and re-fixes the DoS bug that was fixed in 2.2.20.

httpd 2.2.21 ChangeLog

Comments

12 Responses to “httpd 2.2.21 now available”
  1. redgmg says:

    thank you very much!

  2. denmas says:

    It seem you forgot something in your last update. I got this message when i try to update:

    "Missing Dependency: apr-util = 1.3.12-1.jason.1 is needed by package apr-util-ldap-1.3.12-1.jason.1.i386 (utterramblings)"

    In fact, apr-util.i386 is at version 1.3.9-1.jason.2 and nothing tell him to update.

  3. Jason says:

    @denmas,

    There are 1.3.12 packages for apr-util in all 4 repos. If you are not seeing them then try clearing your yum cache.

  4. denmas says:

    it's OK now, it was a conflict with the base repo of CentOS
    I disabled the base repo of CentOS.
    And make an update of apr-util-ldap in yum shell
    Then re-enabled the base repo..

  5. Will says:

    Do you publish the spec file for use?

  6. Jeff says:

    had not seen a lot of comments on this so I waited a few months to see if there were any more success/horror stories. Updated last night, and no problems updating from the Dec 2010 release.

  7. Albert McCann says:

    Any chance of seeing 2.2.22 built? There is a DOS vulnerability in 2.2.21.

    http://httpd.apache.org/security/vulnerabilities_22.html

  8. Brion Hase says:

    Like Albert, we're are getting dinged with a PCI scan indicating we could upgrade to Apache httpd 2.2.22. Can you give us an idea of when and if your going to be able to update it?

  9. Jason says:

    I should be able to get httpd updated within the next few days.

  10. Matthew Hall says:

    Hi Jason,

    Can you also include the authnoprov patch for 2.2.21/2.2.22 please - see:

    https://bugzilla.redhat.com/show_bug.cgi?id=736104

  11. Dmitry says:

    Thanks a lot Jason

    Very useful repository, we also failed PCI scan, can't wait for 2.2.22 :-((

    Sincerely
    Dmitry

  12. Charles says:

    Please could somebody assist me: what is the command to install httpd? Thanks.

This site is no longer updated. If you have a need for RHEL/CentOS LAMP Stack updates outside the normal channels, I recommend ART. https://updates.atomicorp.com/channels/