Software 42481 Published by

The fourth release candidate for Apache Webserver 2.4.60 is now available for testing

Apache/httpd 2.4.60-rc4-candidate

Changes with Apache 2.4.60

*) mod_proxy: Fix DNS requests and connections closed before the configured addressTTL. BZ 69126. [Yann Ylavic]

*) core: On Linux, log the real thread ID in error logs. [Joe Orton]

*) core: Support zone/scope in IPv6 link-local addresses in Listen and VirtualHost directives (requires APR 1.7.x or later). PR 59396 [Joe Orton]

*) mod_ssl: Reject client-initiated renegotiation with a TLS alert (rather than connection closure). [Joe Orton, Yann Ylavic]

*) Updated mime.types. [Mohamed Akram <mohd.akram>, Adam Silverstein <adamsilverstein>]

*) mod_ssl: Fix a regression that causes the default DH parameters for a key no longer set and thus effectively disabling DH ciphers when no explicit DH parameters are set. PR 68863 [Ruediger Pluem]

*) mod_cgid: Optional support for file descriptor passing, fixing error log handling (configure --enable-cgid-fdpassing) on Unix platforms. PR 54221. [Joe Orton]

*) mod_cgid/mod_cgi: Distinguish script stderr output clearly in error logs. PR 61980. [Hank Ibell <hwibell>]

*) mod_tls: update version of rustls-ffi to v0.13.0. [Daniel McCarney (@cpu}]

*) mod_md:
- Using OCSP stapling information to trigger certificate renewals. Proposed by @frasertweedale.
- Added directive `MDCheckInterval` to control how often the server checks for detected revocations. Added proposals for configurations in the chapter "Revocations".
- OCSP stapling: accept OCSP responses without a `nextUpdate` entry which is allowed in RFC 6960. Treat those as having an update interval of 12 hours. Added by @frasertweedale.
- Adapt OpenSSL usage to changes in their API. By Yann Ylavic.

Release 2.4.60-rc4-candidate · apache/httpd