Skip to content
This repository has been archived by the owner on Sep 23, 2024. It is now read-only.

Update to 2.4.48 for security issues, bugs and improvements #40

Closed
reporter4u opened this issue Jun 3, 2021 · 9 comments
Closed

Update to 2.4.48 for security issues, bugs and improvements #40

reporter4u opened this issue Jun 3, 2021 · 9 comments

Comments

@reporter4u
Copy link
Contributor

Apache httpd project team release a new version due to these reasons

  • CVE's fixed (2.4.47/48)
  • Bugs fixed
  • Improvements

See https://downloads.apache.org/httpd/CHANGES_2.4.48

Thank you in advance!

Roberto

@reporter4u reporter4u changed the title Update to 2.4.48 For security Issues, bugs and improvements Update to 2.4.48 for security issues, bugs and improvements Jun 3, 2021
@SteveSimpson
Copy link
Contributor

Thanks. I'm looking at the changes now.

@SteveSimpson
Copy link
Contributor

I looked at FC release of 2.4.48, the only thing I'm not sure about including is Patch63: httpd-2.4.46-htcacheclean-dont-break.patch, which seems to go along with the comment:

  • prevent htcacheclean from while break when first file processed

There have been a few other refinements in the FC33 process that I think we can live without, so based on that I'm going to submit a pull request for 2.4.48 shortly.

@reporter4u
Copy link
Contributor Author

@SteveSimpson it seems that the merge of your pull request is blocked. What can we do? Who is authorized to approve the review?

@SteveSimpson
Copy link
Contributor

@carlwgeorge has typically run the project, but he typically takes a while to do reviews. Sorry - nothing I can do.

@bgibson710
Copy link

Any updates on this @carlwgeorge ? Been over a month since @SteveSimpson suggested you are the only one to do the review and no news. The previous build of Apache httpd has some security flaws that my scanners are picking up on.

@rivermigue
Copy link

Are there any updates with this issue? Looking forward on upgrading to the newest release as well.

@carlwgeorge
Copy link
Member

Been over a month since @SteveSimpson suggested you are the only one to do the review and no news.

While my involvement in this project has been winding down, I've tried enable others to get things done so I'm not a single point of failure. There are 19 members of the @iusrepo organization. All of us have the ability to review and merge pull requests, as long as it isn't our own. I'm happy to invite others who demonstrate proficiency via pull requests. I've previously invited Steve to the org so he can help review and merge pull requests, but he didn't accept. I've re-sent that invitation in case he is interested.

Once a PR is merged, it is built automatically. There are currently just two of us that have access to sign the rpms and push them to the yum repository. I'm happy to train other members of the org on the push process if they show interest.

I've reviewed and merged #42. I've also signed and published the resulting packages. httpd24u-2.4.48-1.el7.ius is now available in the testing repo for those that would like to test and provide feedback.

For those concerned about the status of the project, I encourage you to read iusrepo/wishlist#304. TLDR; IUS is not my job anymore, but I would like to enable others that find it useful to keep it going.

@SteveSimpson
Copy link
Contributor

@carlwgeorge - just got your invite & joined the project. I'll definitely do what I can to help keep the project going. Thanks for all your hard work!

I have already been running the last update in production for about a month now (via a project yum server), so I'm going to go ahead and close the ticket.

@carlwgeorge
Copy link
Member

Thanks for testing @SteveSimpson, based on your positive testing feedback I've promoted httpd24u-2.4.48-1.el7.ius to the main repo.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants