"The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.10 of the Apache HTTP Server ("Apache").
This version of Apache is principally a bug and security fix release. The following potential security flaws are addressed:
- CVE-2008-2939: mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of the FTP URL. Discovered by Marc Bevand of Rapid7.
We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade.
Apache HTTP Server 2.2.10 is available for download from:
Apache 2.2 offers numerous enhancements, improvements, and performance
boosts over the 2.0 codebase. For an overview of new features introduced
since 2.0 please see:
Please see the CHANGES_2.2 file, linked from the download page, for a
full list of changes. A condensed list, CHANGES_2.2.10 provides the
complete list of changes since 2.2.9.
A summary of security vulnerabilities
which were addressed in the previous 2.2.9 and earlier releases is available:
Apache Announcement: http://www.apache.org/dist/httpd/Announcement2.2.html
Apache Homepage: http://httpd.apache.org/