« OpenBSD 4.4 Released | Main | Continuing Business with Malware Infected Customers »

Apache 2.2.10 Released to address XSS Vulnerability

"The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.10 of the Apache HTTP Server ("Apache").

This version of Apache is principally a bug and security fix release.    The following potential security flaws are addressed:

  • CVE-2008-2939: mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of the FTP URL. Discovered by Marc Bevand of Rapid7.

We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade.

Apache HTTP Server 2.2.10 is available for download from:
http://httpd.apache.org/download.cgi

Apache 2.2 offers numerous enhancements, improvements, and performance boosts over the 2.0 codebase.  For an overview of new features introduced since 2.0 please see:
http://httpd.apache.org/docs/2.2/new_features_2_2.html

Please see the CHANGES_2.2 file, linked from the download page, for a full list of changes.  A condensed list, CHANGES_2.2.10 provides the complete list of changes since 2.2.9. A summary of security vulnerabilities which were  addressed in the previous 2.2.9 and earlier releases is available:
http://httpd.apache.org/security/vulnerabilities_22.html"

Apache Announcement: http://www.apache.org/dist/httpd/Announcement2.2.html
Apache Homepage: http://httpd.apache.org/

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.


All Comments are Moderated and will be delayed!