Software 42499 Published by

Another release candidate for Apache Webserver 2.4.60 is available for testing. Several changes have been made to version 2.4.60. These include fixing DNS requests and connections that were closed before the configured addressTTL was set, logging the real thread ID in Linux error logs, supporting zone/scope in IPv6 link-local addresses in Listen and VirtualHost directives, rejecting client-initiated renegotiation with a TLS alert, updating mime.types, fixing a regression that stopped default DH parameters for a key from being set, and updating rustls-ffi to v0.13.0.



apache/httpd 2.4.60-rc3-candidate

Changes with Apache 2.4.60

*) mod_proxy: Fix DNS requests and connections closed before the
configured addressTTL. BZ 69126. [Yann Ylavic]

*) core: On Linux, log the real thread ID in error logs. [Joe Orton]

*) core: Support zone/scope in IPv6 link-local addresses in Listen and
VirtualHost directives (requires APR 1.7.x or later). PR 59396
[Joe Orton]

*) mod_ssl: Reject client-initiated renegotiation with a TLS alert
(rather than connection closure). [Joe Orton, Yann Ylavic]

*) Updated mime.types. [Mohamed Akram <mohd.akram outlook.com>,
Adam Silverstein <adamsilverstein earthboundhosting.com>]

*) mod_ssl: Fix a regression that causes the default DH parameters for a key
no longer set and thus effectively disabling DH ciphers when no explicit
DH parameters are set. PR 68863 [Ruediger Pluem]

*) mod_cgid: Optional support for file descriptor passing, fixing
error log handling (configure --enable-cgid-fdpassing) on Unix
platforms. PR 54221. [Joe Orton]

*) mod_cgid/mod_cgi: Distinguish script stderr output clearly in
error logs. PR 61980. [Hank Ibell <hwibell gmail.com>]

*) mod_tls: update version of rustls-ffi to v0.13.0.
[Daniel McCarney (@cpu}]

*) mod_md:
- Using OCSP stapling information to trigger certificate renewals. Proposed
by @frasertweedale.
- Added directive `MDCheckInterval` to control how often the server checks
for detected revocations. Added proposals for configurations in the
README.md chapter "Revocations".
- OCSP stapling: accept OCSP responses without a `nextUpdate` entry which is
allowed in RFC 6960. Treat those as having an update interval of 12 hours.
Added by @frasertweedale.
- Adapt OpenSSL usage to changes in their API. By Yann Ylavic.

Release 2.4.60-rc3-candidate · apache/httpd