انتشار Apache ورژن 2.4.12

[secureconfig]

سلام.

2 روز پیش ورژن جدید اپاچی یعنی 2.4.12 منشر شد.

لینک دانلود :
Download - The Apache HTTP Server Project


Change Log :

کد:

Changes with Apache 2.4.12


  *) mpm_winnt: Accept utf-8 (Unicode) service names and descriptions for
     internationalization.  [William Rowe]


  *) mpm_winnt: Normalize the error and status messages emitted by service.c,
     the service control interface for Windows.  [William Rowe]


  *) configure: Fix --enable-v4-mapped configuration on *BSD. PR 53824.
     [ olli hauer <ohauer gmx.de>, Yann Ylavic ]


Changes with Apache 2.4.11
  
  *) SECURITY: CVE-2014-3583 (cve.mitre.org)
     mod_*****_fcgi: Fix a potential crash due to buffer over-read, with 
     response headers' size above 8K.  [Yann Ylavic, Jeff Trawick]


  *) SECURITY: CVE-2014-3581 (cve.mitre.org)
     mod_cache: Avoid a crash when Content-Type has an empty value.
     PR 56924.  [Mark Montague <mark catseye.org>, Jan Kaluza]


  *) SECURITY: CVE-2014-8109 (cve.mitre.org)
     mod_lua: Fix handling of the Require line when a LuaAuthzProvider is
     used in multiple Require directives with different arguments.
     PR57204 [Edward Lu <Chaosed0 gmail.com>]


  *) SECURITY: CVE-2013-5704 (cve.mitre.org)
     core: HTTP trailers could be used to replace HTTP headers
     late during request processing, potentially undoing or
     otherwise confusing modules that examined or modified
     request headers earlier.  Adds "MergeTrailers" directive to restore
     legacy behavior.  [Edward Lu, Yann Ylavic, Joe Orton, Eric Covener]


  *) mod_ssl: New directive SSLSessionTickets (On|Off).
     The directive controls the use of TLS session tickets (RFC 5077),
     default value is "On" (unchanged behavior).
     Session ticket creation uses a random key created during web
     server startup and recreated during restarts. No other key
     recreation mechanism is available currently. Therefore using session
     tickets without restarting the web server with an appropriate frequency
     (e.g. daily) compromises perfect forward secrecy. [Rainer Jung]


  *) mod_*****_fcgi: Provide some basic alternate options for specifying 
     how PATH_INFO is passed to FastCGI backends by adding significance to
     the value of *****-fcgi-pathinfo. PR 55329. [Eric Covener]
 
  *) mod_*****_fcgi: Enable UDS backends configured with SetHandler/RewriteRule
     to opt-in to connection reuse and other ***** options via explicitly
     declared "***** workers" (<***** unix:... enablereuse=on max=...)
     [Eric Covener]


  *) mod_*****: Add "enablereuse" option as the inverse of "disablereuse".
     [Eric Covener]


  *) mod_*****_fcgi: Enable opt-in to TCP connection reuse by explicitly
     setting ***** option disablereuse=off. [Eric Covener] PR 57378.


  *) event: Update the internal "connection id" when requests
     move from thread to thread. Reuse can confuse modules like
     mod_cgid. PR 57435. [Michael Thorpe <mike gistnet.com>]


  *) mod_*****_fcgi: Remove *****:balancer:// prefix from SCRIPT_FILENAME
     passed to fastcgi backends. [Eric Covener]


  *) core: Configuration files with long lines and continuation characters
     are not read properly. PR 55910. [Manuel Mausz <manuel-as mausz.at>]


  *) mod_include: the 'env' function was incorrectly handled as 'getenv' if the
     leading 'e' was written in upper case in <!--#if expr="..." -->
     statements. [Christophe Jaillet]


  *) split-logfile: Fix perl error:  'Can't use string ("example.org:80") 
     as a symbol ref while "strict refs"'. PR 56329.
     [Holger Mauermann <mauermann gmail.com>]


  *) mod_*****: Prevent *****PassReverse from doing a substitution when
     the URL parameter interpolates to an empty string. PR 56603.
     [<ajprout hotmail.com>]


  *) core: Fix -D[efined] or <Define>[d] variables lifetime accross restarts. 
     PR 57328.  [Armin Abfalterer <a.abfalterer gmail.com>, Yann Ylavic].


  *) mod_*****: Preserve original request headers even if they differ
     from the ones to be forwarded to the backend. PR 45387.
     [Yann Ylavic]


  *) mod_ssl: dump SSL IO/state for the write side of the connection(s),
     like reads (level TRACE4). [Yann Ylavic]


  *) mod_*****_fcgi: Ignore body data from backend for 304 responses. PR 57198.
     [Jan Kaluza]


  *) mod_ssl: Do not crash when looking up SSL related variables during
     expression evaluation on non SSL connections. PR 57070  [Ruediger Pluem]


  *) mod_*****_ajp: Fix handling of the default port (8009) in the
     *****Pass and <*****> configurations.  PR 57259.  [Yann Ylavic]


  *) mpm_event: Avoid a possible use after free when notifying the end of
     connection during lingering close.  PR 57268.  [Eric Covener, Yann Ylavic]


  *) mod_ssl: Fix recognition of OCSP stapling responses that are encoded
     improperly or too large.  [Jeff Trawick]


  *) core: Add ap_log_data(), ap_log_rdata(), etc. for logging buffers.
     [Jeff Trawick]


  *) mod_*****_fcgi, mod_authnz_fcgi: stop reading the response and issue an
     error when parsing or forwarding the response fails. [Yann Ylavic]


  *) mod_ssl: Fix a memory leak in case of graceful restarts with OpenSSL >= 0.9.8e
     PR 53435 [tadanori <tadanori2007 yahoo.com>, Sebastian Wiedenroth <wiedi frubar.net>]


  *) mod_*****_connect: Don't issue AH02447 on sockets hangups, let the read
     determine whether it is a normal close or a real error. PR 57168. [Yann
     Ylavic]


  *) mod_*****_wstunnel: abort backend connection on polling error to avoid
     further processing.  [Yann Ylavic]


  *) core: Support custom ErrorDocuments for HTTP 501 and 414 status codes.
     PR 57167 [Edward Lu <Chaosed0 gmail.com>]


  *) mod_*****_connect: Fix *****Remote to https:// backends on EBCDIC 
     systems. PR 57092 [Edward Lu <Chaosed0 gmail.com>]


  *) mod_cache: Avoid a 304 response to an unconditional requst when an AH00752
     CacheLock error occurs during cache revalidation. [Eric Covener]
 
  *) mod_ssl: Move OCSP stapling information from a per-certificate store to
     a per-server hash. PR 54357, PR 56919. [Alex Bligh <alex alex.org.uk>,
     Yann Ylavic, Kaspar Brand]


  *) mod_cache_socache: Change average object size hint from 32 bytes to
     2048 bytes.  [Rainer Jung]


  *) mod_cache_socache: Add cache status to server-status.  [Rainer Jung]


  *) event: Fix worker-listener deadlock in graceful restart.
     PR 56960.


  *) Concat strings at compile time when possible. PR 53741.


  *) mod_substitute: Restrict configuration in .htaccess to
     FileInfo as documented.  [Rainer Jung]


  *) mod_substitute: Make maximum line length configurable.  [Rainer Jung]


  *) mod_substitute: Fix line length limitation in case of regexp plus flatten.
     [Rainer Jung]
  
  *) mod_*****: Truncated character worker names are no longer fatal
     errors. PR53218. [Jim Jagielski]


  *) mod_dav: Set r->status_line in dav_error_response. PR 55426.


  *) mod_*****_http, mod_cache: Avoid (unlikely) accesses to freed memory.
     [Yann Ylavic, Christophe Jaillet]


  *) http_protocol: fix logic in ap_method_list_(add|remove) in order:
       - to correctly reset bits
       - not to modify the 'method_mask' bitfield unnecessarily
     [Christophe Jaillet]


  *) mod_slotmem_shm: Increase log level for some originally debug messages.
     [Jim Jagielski]


  *) mod_ldap: In 2.4.10, some LDAP searches or comparisons might be done with
     the wrong credentials when a backend connection is reused.
     [Eric Covener]


  *) mod_macro: Add missing APLOGNO for some Warning log messages.
     [Christophe Jaillet]


  *) mod_cache: Avoid sending 304 responses during failed revalidations
     PR56881. [Eric Covener]


  *) mod_status: Honor client IP address using mod_remoteip. PR 55886.
     [Jim Jagielski]


  *) cmake-based build for Windows: Fix incompatibility with cmake 2.8.12
     and later.  PR 56615.  [Chuck Liu <cliu81 gmail.com>, Jeff Trawick]


  *) mod_ratelimit: Drop severity of AH01455 and AH01457 (ap_pass_brigade
     failed) messages from ERROR to TRACE1.  Other filters do not bother 
     re-reporting failures from lower level filters.  PR56832.  [Eric Covener]


  *) core: Avoid useless warning message when parsing a section guarded by
     <IfDefine foo> if $(foo) is used within the section.
     PR 56503 [Christophe Jaillet]


  *) mod_*****_fcgi: Fix faulty logging of large amounts of stderr from the
     application.  PR 56858.  [Manuel Mausz <manuel-asf mausz.at>]


  *) mod_*****_http: ***** responses with error status and
     "*****ErrorOverride On" hang until ***** timeout.
     PR53420 [Rainer Jung]


  *) mod_log_config: Allow three character log formats to be registered. For
     backwards compatibility, the first character of a three-character format
     must be the '^' (caret) character.  [Eric Covener]


  *) mod_lua: Don't quote Expires and Path values. PR 56734.
     [Keith Mashinter, <kmashint yahoo com>]


  *) mod_authz_core: Allow <AuthzProviderAlias>'es to be seen from auth
     stanzas under virtual hosts. PR 56870. [Eric Covener]




  [Apache 2.3.0-dev includes those bug fixes and changes with the
   Apache 2.2.xx tree as documented, and except as noted, below.]


Changes with Apache 2.2.x and later:


  *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?view=markup


Changes with Apache 2.0.x and later:


  *) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup

http://secureconfig.net/secure/apache-2-4-12-released/

موفق باشید./

[yourhosting]

ممنون بابت اطلاع رسانی

[heydari304]

تشکر بابت اطلاع.

[jahromweb]

باتشکر از اطلاع رسانی
احتمالا هنور مارتینس اپیدت رو برای کاستوم بیلد اماده نکرده وگرنه پلاگین اطلاع میداد
موفق باشید.

[secureconfig]

تشکر بابت اطلاع.

ممنون بابت اطلاع رسانی

باتشکر از اطلاع رسانی
احتمالا هنور مارتینس اپیدت رو برای کاستوم بیلد اماده نکرده وگرنه پلاگین اطلاع میداد
موفق باشید.

خواهش میکنم.
------

هنوز سی پنل و دایرکت ادمین ورژن جدید اپاچی را قرار نداده اند -- دوستانی که سرور بدون کنترل پنل دارند بدون هیچ مشکلی میتوانند بروزرسانی کنند.


موفق باشید./

[jahromweb]

بهشون اطلاع دادم گفتا که اپیدت کردن (Apache 2.4.10 update to 2.4.12 is available)

- - - Updated - - -

(دایرکت ادمین - کاستوم بیلد 2)

[secureconfig]

بسیار عالی - بنده سی پنل را چک کردم اپدیت نبود - احتمالا تا چند روز دیگر اضافه میشود.

- - - Updated - - -

سلام.

صبح امروز سی پنل نسخه ی جدید easyapache را با بروزرسانی اپاچی به 2.4.12 منتشر کرد.

[dellserver]

ممنون ایا ارتقا بدیم مشکلی به وجود نمیاد ؟؟

[secureconfig]

ممنون ایا ارتقا بدیم مشکلی به وجود نمیاد ؟؟

خواهش میکنم - فکر نمیکنم مشکلی پیش بیاد - ارتقا بدید و تست کنید و اگر مشکلی پیش اومد باید لاگ هارا بررسی کنید ویا به نسخه ی قبل دانگرید کنید.

موفق باشید./

[dellserver]

توی دایرکت ادمین چطور باید این کار رو بکنبم ؟