Mailing List Archive

Re: svn commit: r40863 - /dev/httpd/ /release/httpd/
Could you fix the date (September 21, 2018 seems wrong).

Thanks!

Rainer

Am 05.08.2020 um 13:32 schrieb druggeri@apache.org:
> Author: druggeri
> Date: Wed Aug 5 11:32:51 2020
> New Revision: 40863
>
> Log:
> Push 2.4.46 up to the release directory
>
> Added:
> release/httpd/CHANGES_2.4.46
> - copied unchanged from r40862, dev/httpd/CHANGES_2.4.46
> release/httpd/httpd-2.4.46.tar.bz2
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2
> release/httpd/httpd-2.4.46.tar.bz2.asc
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.asc
> release/httpd/httpd-2.4.46.tar.bz2.md5
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.md5
> release/httpd/httpd-2.4.46.tar.bz2.sha1
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.sha1
> release/httpd/httpd-2.4.46.tar.bz2.sha256
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.sha256
> release/httpd/httpd-2.4.46.tar.bz2.sha512
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.sha512
> release/httpd/httpd-2.4.46.tar.gz
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz
> release/httpd/httpd-2.4.46.tar.gz.asc
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.asc
> release/httpd/httpd-2.4.46.tar.gz.md5
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.md5
> release/httpd/httpd-2.4.46.tar.gz.sha1
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.sha1
> release/httpd/httpd-2.4.46.tar.gz.sha256
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.sha256
> release/httpd/httpd-2.4.46.tar.gz.sha512
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.sha512
> Removed:
> dev/httpd/CHANGES_2.4
> dev/httpd/CHANGES_2.4.46
> dev/httpd/httpd-2.4.46-deps.tar.bz2
> dev/httpd/httpd-2.4.46-deps.tar.bz2.asc
> dev/httpd/httpd-2.4.46-deps.tar.bz2.md5
> dev/httpd/httpd-2.4.46-deps.tar.bz2.sha1
> dev/httpd/httpd-2.4.46-deps.tar.bz2.sha256
> dev/httpd/httpd-2.4.46-deps.tar.bz2.sha512
> dev/httpd/httpd-2.4.46-deps.tar.gz
> dev/httpd/httpd-2.4.46-deps.tar.gz.asc
> dev/httpd/httpd-2.4.46-deps.tar.gz.md5
> dev/httpd/httpd-2.4.46-deps.tar.gz.sha1
> dev/httpd/httpd-2.4.46-deps.tar.gz.sha256
> dev/httpd/httpd-2.4.46-deps.tar.gz.sha512
> dev/httpd/httpd-2.4.46.tar.bz2
> dev/httpd/httpd-2.4.46.tar.bz2.asc
> dev/httpd/httpd-2.4.46.tar.bz2.md5
> dev/httpd/httpd-2.4.46.tar.bz2.sha1
> dev/httpd/httpd-2.4.46.tar.bz2.sha256
> dev/httpd/httpd-2.4.46.tar.bz2.sha512
> dev/httpd/httpd-2.4.46.tar.gz
> dev/httpd/httpd-2.4.46.tar.gz.asc
> dev/httpd/httpd-2.4.46.tar.gz.md5
> dev/httpd/httpd-2.4.46.tar.gz.sha1
> dev/httpd/httpd-2.4.46.tar.gz.sha256
> dev/httpd/httpd-2.4.46.tar.gz.sha512
> Modified:
> release/httpd/Announcement2.4.html
> release/httpd/Announcement2.4.txt
> release/httpd/CHANGES_2.4
>
> Modified: release/httpd/Announcement2.4.html
> ==============================================================================
> --- release/httpd/Announcement2.4.html (original)
> +++ release/httpd/Announcement2.4.html Wed Aug 5 11:32:51 2020
> @@ -49,27 +49,27 @@
> <div class="banner"></div>
>
> <h1>
> - Apache HTTP Server 2.4.43 Released
> + Apache HTTP Server 2.4.46 Released
> </h1>
> <p>
> - April 01, 2020
> + September 21, 2018
> </p>
> <p>
> The Apache Software Foundation and the Apache HTTP Server Project are
> pleased to <a href="https://www.apache.org/dist/httpd/Announcement2.4.html">announce</a>
> - the release of version 2.4.43 of the Apache
> + the release of version 2.4.46 of the Apache
> HTTP Server ("Apache"). This version of Apache is our latest GA
> release of the new generation 2.4.x branch of Apache HTTPD and
> represents fifteen years of innovation by the project, and is
> recommended over all previous releases. This release of Apache is
> - a security, feature and bug fix release.
> + a feature and bug fix release.
> </p>
> <p>
> We consider this release to be the best version of Apache available, and
> encourage users of all prior versions to upgrade.
> </p>
> <p>
> - Apache HTTP Server 2.4.43 is available for download from:
> + Apache HTTP Server 2.4.46 is available for download from:
> </p>
> <dl>
> <dd><a href="https://httpd.apache.org/download.cgi"
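Review bot: the date paragraph under the <h1> goes from "April 01, 2020" to "September 21, 2018", which is earlier than both the previous announcement and this commit's own date (Wed Aug 5 2020), so the page in release/ would announce 2.4.46 with a 2018 date. Set it to the actual release date before the copy lands in release/, or keep an unmistakable placeholder in the dev copy so that a stale value cannot be pushed unnoticed.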
> @@ -77,7 +77,7 @@
> </dl>
> <p>
> Please see the <a href="./CHANGES_2.4">CHANGES_2.4</a> file, linked from the download page, for a
> - full list of changes. A condensed list, <a href="./CHANGES_2.4.43">CHANGES_2.4.43</a> includes only
> + full list of changes. A condensed list, <a href="./CHANGES_2.4.46">CHANGES_2.4.46</a> includes only
> those changes introduced since the prior 2.4 release. A summary of all
> of the security vulnerabilities addressed in this and earlier releases
> is available:
>
> Modified: release/httpd/Announcement2.4.txt
> ==============================================================================
> --- release/httpd/Announcement2.4.txt (original)
> +++ release/httpd/Announcement2.4.txt Wed Aug 5 11:32:51 2020
> @@ -1,19 +1,19 @@
> - Apache HTTP Server 2.4.43 Released
> + Apache HTTP Server 2.4.46 Released
>
> - April 01, 2020
> + September 21, 2018
>
> The Apache Software Foundation and the Apache HTTP Server Project
> - are pleased to announce the release of version 2.4.43 of the Apache
> + are pleased to announce the release of version 2.4.46 of the Apache
> HTTP Server ("Apache"). This version of Apache is our latest GA
> release of the new generation 2.4.x branch of Apache HTTPD and
> represents fifteen years of innovation by the project, and is
> recommended over all previous releases. This release of Apache is
> - a security, feature and bug fix release.
> + a feature and bug fix release.
>
> We consider this release to be the best version of Apache available, and
> encourage users of all prior versions to upgrade.
>
> - Apache HTTP Server 2.4.43 is available for download from:
> + Apache HTTP Server 2.4.46 is available for download from:
>
> https://httpd.apache.org/download.cgi
>
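Review bot: the release-type sentence changes from "a security, feature and bug fix release" to "a feature and bug fix release" here and identically in Announcement2.4.html, and the date line is changed to the same "September 21, 2018" in both files. Both announcements carry the same three facts (version, date, release type), so generating them from one source would keep them from disagreeing. Please also confirm that dropping "security" matches the CHANGES_2.4 entries added for 2.4.44 to 2.4.46, none of which is marked SECURITY in this diff.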
> @@ -24,7 +24,7 @@
> https://httpd.apache.org/docs/trunk/new_features_2_4.html
>
> Please see the CHANGES_2.4 file, linked from the download page, for a
> - full list of changes. A condensed list, CHANGES_2.4.43 includes only
> + full list of changes. A condensed list, CHANGES_2.4.46 includes only
> those changes introduced since the prior 2.4 release. A summary of all
> of the security vulnerabilities addressed in this and earlier releases
> is available:
>
> Modified: release/httpd/CHANGES_2.4
> ==============================================================================
> --- release/httpd/CHANGES_2.4 (original)
> +++ release/httpd/CHANGES_2.4 Wed Aug 5 11:32:51 2020
> @@ -1,6 +1,78 @@
> -*- coding: utf-8 -*-
> +Changes with Apache 2.4.46
> + *) mod_proxy_fcgi: Fix build warnings for Windows platform
> + [Eric Covener, Christophe Jaillet]
> +
> +Changes with Apache 2.4.45
> +
> + *) mod_http2: remove support for abandoned http-wg draft
> + <https://datatracker.ietf.org/doc/draft-kazuho-h2-cache-digest/>.
> + [Stefan Eissing]
> +
> +Changes with Apache 2.4.44
> +
> + *) mod_proxy_uwsgi: Error out on HTTP header larger than 16K (hard
> + protocol limit). [Yann Ylavic]
> +
> + *) mod_http2:
> + Fixes <https://github.com/icing/mod_h2/issues/200>:
> + "LimitRequestFields 0" now disables the limit, as documented.
> + Fixes <https://github.com/icing/mod_h2/issues/201>:
> + Do not count repeated headers with same name against the field
> + count limit. The are merged internally, as if sent in a single HTTP/1 line.
> + [Stefan Eissing]
> +
> + *) mod_http2: Avoid segfaults in case of handling certain responses for
> + already aborted connections. [Stefan Eissing, Ruediger Pluem]
> +
> + *) mod_http2: The module now handles master/secondary connections and has marked
> + methods according to use. [Stefan Eissing]
> +
> + *) core: Drop an invalid Last-Modified header value coming
> + from a FCGI/CGI script instead of replacing it with Unix epoch.
> + [Yann Ylavic, Luca Toscano]
> +
> + *) Add support for strict content-length parsing through addition of
> + ap_parse_strict_length() [Yann Ylavic]
> +
> + *) mod_proxy_fcgi: ProxyFCGISetEnvIf unsets variables when expression
> + evaluates to false. PR64365. [Michael König <mail ikoenig.net>]
> +
> + *) mod_proxy_http: flush spooled request body in one go to avoid
> + leaking (or long lived) temporary file. PR 64452. [Yann Ylavic]
> +
> + *) mod_ssl: Fix a race condition and possible crash when using a proxy client
> + certificate (SSLProxyMachineCertificateFile).
> + [Armin Abfalterer <a.abfalterer gmail.com>]
> +
> + *) mod_ssl: Fix memory leak in stapling code. PR63687. [Stefan Eissing]
> +
> + *) mod_http2: Fixed regression that no longer set H2_STREAM_ID and H2_STREAM_TAG.
> + PR64330 [Stefan Eissing]
> +
> + *) mod_http2: Fixed regression that caused connections to close when mod_reqtimeout
> + was configured with a handshake timeout. Fixes gitub issue #196.
> + [Stefan Eissing]
> +
> + *) mod_proxy_http2: the "ping" proxy parameter
> + (see <https://httpd.apache.org/docs/2.4/mod/mod_proxy.html>) is now used
> + when checking the liveliness of a new or reused h2 connection to the backend.
> + With short durations, this makes load-balancing more responsive. The module
> + will hold back requests until ping conditions are met, using features of the
> + HTTP/2 protocol alone. [Ruediger Pluem, Stefan Eissing]
> +
> + *) core: httpd is no longer linked against -lsystemd if mod_systemd
> + is enabled (and built as a DSO). [Rainer Jung]
> +
> + *) mod_proxy_http2: respect ProxyTimeout settings on backend connections
> + while waiting on incoming data. [Ruediger Pluem, Stefan Eissing]
> +
> Changes with Apache 2.4.43
>
> + *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]
> +
> +Changes with Apache 2.4.42
> +
> *) SECURITY: CVE-2020-1934 (cve.mitre.org)
> mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
> server. [Eric Covener]
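Review bot: the new "Changes with Apache 2.4.46" header at the top of this hunk is followed directly by its first entry, while the 2.4.45 and 2.4.44 headers each have a blank line after them; add the blank line for consistency. Two typos in the added 2.4.44 entries are also worth fixing while the file is being touched: "The are merged internally" should read "They are merged internally", and "gitub issue #196" should read "GitHub issue #196".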
> @@ -10,10 +82,6 @@ Changes with Apache 2.4.43
> matches and substitutions with encoded line break characters.
> The fix for CVE-2019-10098 was not effective. [Ruediger Pluem]
>
> - *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]
> -
> -Changes with Apache 2.4.42
> -
> *) mod_proxy_http: Fix the forwarding of requests with content body when a
> balancer member is unavailable; the retry on the next member was issued
> with an empty body (regression introduced in 2.4.41). PR63891.
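Review bot: removing the "Changes with Apache 2.4.42" header here, together with its re-insertion above the SECURITY entries in the previous hunk, moves CVE-2020-1934 and the follow-up to CVE-2019-10098 from the 2.4.43 section to the 2.4.42 section, leaving only the mod_ssl OCSP stapling entry under 2.4.43. The log message says only "Push 2.4.46 up to the release directory", so readers who track which version fixed which CVE get no hint that the attribution changed. Mention the correction in the log, and check that the security vulnerabilities summary the announcement refers to lists the same fixed-in version.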
Re: svn commit: r40863 - /dev/httpd/ /release/httpd/
Hi, Rainer;
Right - this file gets rewritten by the announce.sh script just before the notification goes out. This is done to ensure that the date is correct and to ensure the type of release (bug, security, enhancement) is correct. It appears as though the file was just changed, but really it's just because the text was bumped as-is from the 'dev' location to the 'dist' location.
--
Daniel Ruggeri

On August 5, 2020 7:23:33 AM CDT, Rainer Jung <rainer.jung@kippdata.de> wrote:
>Could you fix the date (September 21, 2018 seems wrong).
>
>Thanks!
>
>Rainer
>
>Am 05.08.2020 um 13:32 schrieb druggeri@apache.org:
>> Author: druggeri
>> Date: Wed Aug 5 11:32:51 2020
>> New Revision: 40863
>>
>> Log:
>> Push 2.4.46 up to the release directory
>>
>> Added:
>> release/httpd/CHANGES_2.4.46
>> - copied unchanged from r40862, dev/httpd/CHANGES_2.4.46
>> release/httpd/httpd-2.4.46.tar.bz2
>> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2
>> release/httpd/httpd-2.4.46.tar.bz2.asc
>> - copied unchanged from r40862,
>dev/httpd/httpd-2.4.46.tar.bz2.asc
>> release/httpd/httpd-2.4.46.tar.bz2.md5
>> - copied unchanged from r40862,
>dev/httpd/httpd-2.4.46.tar.bz2.md5
>> release/httpd/httpd-2.4.46.tar.bz2.sha1
>> - copied unchanged from r40862,
>dev/httpd/httpd-2.4.46.tar.bz2.sha1
>> release/httpd/httpd-2.4.46.tar.bz2.sha256
>> - copied unchanged from r40862,
>dev/httpd/httpd-2.4.46.tar.bz2.sha256
>> release/httpd/httpd-2.4.46.tar.bz2.sha512
>> - copied unchanged from r40862,
>dev/httpd/httpd-2.4.46.tar.bz2.sha512
>> release/httpd/httpd-2.4.46.tar.gz
>> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz
>> release/httpd/httpd-2.4.46.tar.gz.asc
>> - copied unchanged from r40862,
>dev/httpd/httpd-2.4.46.tar.gz.asc
>> release/httpd/httpd-2.4.46.tar.gz.md5
>> - copied unchanged from r40862,
>dev/httpd/httpd-2.4.46.tar.gz.md5
>> release/httpd/httpd-2.4.46.tar.gz.sha1
>> - copied unchanged from r40862,
>dev/httpd/httpd-2.4.46.tar.gz.sha1
>> release/httpd/httpd-2.4.46.tar.gz.sha256
>> - copied unchanged from r40862,
>dev/httpd/httpd-2.4.46.tar.gz.sha256
>> release/httpd/httpd-2.4.46.tar.gz.sha512
>> - copied unchanged from r40862,
>dev/httpd/httpd-2.4.46.tar.gz.sha512
>> Removed:
>> dev/httpd/CHANGES_2.4
>> dev/httpd/CHANGES_2.4.46
>> dev/httpd/httpd-2.4.46-deps.tar.bz2
>> dev/httpd/httpd-2.4.46-deps.tar.bz2.asc
>> dev/httpd/httpd-2.4.46-deps.tar.bz2.md5
>> dev/httpd/httpd-2.4.46-deps.tar.bz2.sha1
>> dev/httpd/httpd-2.4.46-deps.tar.bz2.sha256
>> dev/httpd/httpd-2.4.46-deps.tar.bz2.sha512
>> dev/httpd/httpd-2.4.46-deps.tar.gz
>> dev/httpd/httpd-2.4.46-deps.tar.gz.asc
>> dev/httpd/httpd-2.4.46-deps.tar.gz.md5
>> dev/httpd/httpd-2.4.46-deps.tar.gz.sha1
>> dev/httpd/httpd-2.4.46-deps.tar.gz.sha256
>> dev/httpd/httpd-2.4.46-deps.tar.gz.sha512
>> dev/httpd/httpd-2.4.46.tar.bz2
>> dev/httpd/httpd-2.4.46.tar.bz2.asc
>> dev/httpd/httpd-2.4.46.tar.bz2.md5
>> dev/httpd/httpd-2.4.46.tar.bz2.sha1
>> dev/httpd/httpd-2.4.46.tar.bz2.sha256
>> dev/httpd/httpd-2.4.46.tar.bz2.sha512
>> dev/httpd/httpd-2.4.46.tar.gz
>> dev/httpd/httpd-2.4.46.tar.gz.asc
>> dev/httpd/httpd-2.4.46.tar.gz.md5
>> dev/httpd/httpd-2.4.46.tar.gz.sha1
>> dev/httpd/httpd-2.4.46.tar.gz.sha256
>> dev/httpd/httpd-2.4.46.tar.gz.sha512
>> Modified:
>> release/httpd/Announcement2.4.html
>> release/httpd/Announcement2.4.txt
>> release/httpd/CHANGES_2.4
>>
>> Modified: release/httpd/Announcement2.4.html
>>
>==============================================================================
>> --- release/httpd/Announcement2.4.html (original)
>> +++ release/httpd/Announcement2.4.html Wed Aug 5 11:32:51 2020
>> @@ -49,27 +49,27 @@
>> <div class="banner"></div>
>>
>> <h1>
>> - Apache HTTP Server 2.4.43 Released
>> + Apache HTTP Server 2.4.46 Released
>> </h1>
>> <p>
>> - April 01, 2020
>> + September 21, 2018
>> </p>
>> <p>
>> The Apache Software Foundation and the Apache HTTP Server
>Project are
>> pleased to <a
>href="https://www.apache.org/dist/httpd/Announcement2.4.html">announce</a>
>> - the release of version 2.4.43 of the Apache
>> + the release of version 2.4.46 of the Apache
>> HTTP Server ("Apache"). This version of Apache is our latest GA
>> release of the new generation 2.4.x branch of Apache HTTPD and
>> represents fifteen years of innovation by the project, and is
>> recommended over all previous releases. This release of Apache
>is
>> - a security, feature and bug fix release.
>> + a feature and bug fix release.
>> </p>
>> <p>
>> We consider this release to be the best version of Apache
>available, and
>> encourage users of all prior versions to upgrade.
>> </p>
>> <p>
>> - Apache HTTP Server 2.4.43 is available for download from:
>> + Apache HTTP Server 2.4.46 is available for download from:
>> </p>
>> <dl>
>> <dd><a href="https://httpd.apache.org/download.cgi"
>> @@ -77,7 +77,7 @@
>> </dl>
>> <p>
>> Please see the <a href="./CHANGES_2.4">CHANGES_2.4</a> file,
>linked from the download page, for a
>> - full list of changes. A condensed list, <a
>href="./CHANGES_2.4.43">CHANGES_2.4.43</a> includes only
>> + full list of changes. A condensed list, <a
>href="./CHANGES_2.4.46">CHANGES_2.4.46</a> includes only
>> those changes introduced since the prior 2.4 release. A summary
>of all
>> of the security vulnerabilities addressed in this and earlier
>releases
>> is available:
>>
>> Modified: release/httpd/Announcement2.4.txt
>>
>==============================================================================
>> --- release/httpd/Announcement2.4.txt (original)
>> +++ release/httpd/Announcement2.4.txt Wed Aug 5 11:32:51 2020
>> @@ -1,19 +1,19 @@
>> - Apache HTTP Server 2.4.43 Released
>> + Apache HTTP Server 2.4.46 Released
>>
>> - April 01, 2020
>> + September 21, 2018
>>
>> The Apache Software Foundation and the Apache HTTP Server
>Project
>> - are pleased to announce the release of version 2.4.43 of the
>Apache
>> + are pleased to announce the release of version 2.4.46 of the
>Apache
>> HTTP Server ("Apache"). This version of Apache is our latest GA
>> release of the new generation 2.4.x branch of Apache HTTPD and
>> represents fifteen years of innovation by the project, and is
>> recommended over all previous releases. This release of Apache
>is
>> - a security, feature and bug fix release.
>> + a feature and bug fix release.
>>
>> We consider this release to be the best version of Apache
>available, and
>> encourage users of all prior versions to upgrade.
>>
>> - Apache HTTP Server 2.4.43 is available for download from:
>> + Apache HTTP Server 2.4.46 is available for download from:
>>
>> https://httpd.apache.org/download.cgi
>>
>> @@ -24,7 +24,7 @@
>> https://httpd.apache.org/docs/trunk/new_features_2_4.html
>>
>> Please see the CHANGES_2.4 file, linked from the download page,
>for a
>> - full list of changes. A condensed list, CHANGES_2.4.43 includes
>only
>> + full list of changes. A condensed list, CHANGES_2.4.46 includes
>only
>> those changes introduced since the prior 2.4 release. A summary
>of all
>> of the security vulnerabilities addressed in this and earlier
>releases
>> is available:
>>
>> Modified: release/httpd/CHANGES_2.4
>>
>==============================================================================
>> --- release/httpd/CHANGES_2.4 (original)
>> +++ release/httpd/CHANGES_2.4 Wed Aug 5 11:32:51 2020
>> @@ -1,6 +1,78 @@
>> -*-
>coding: utf-8 -*-
>> +Changes with Apache 2.4.46
>> + *) mod_proxy_fcgi: Fix build warnings for Windows platform
>> + [Eric Covener, Christophe Jaillet]
>> +
>> +Changes with Apache 2.4.45
>> +
>> + *) mod_http2: remove support for abandoned http-wg draft
>> +
><https://datatracker.ietf.org/doc/draft-kazuho-h2-cache-digest/>.
>> + [Stefan Eissing]
>> +
>> +Changes with Apache 2.4.44
>> +
>> + *) mod_proxy_uwsgi: Error out on HTTP header larger than 16K (hard
>> + protocol limit). [Yann Ylavic]
>> +
>> + *) mod_http2:
>> + Fixes <https://github.com/icing/mod_h2/issues/200>:
>> + "LimitRequestFields 0" now disables the limit, as documented.
>> + Fixes <https://github.com/icing/mod_h2/issues/201>:
>> + Do not count repeated headers with same name against the field
>> + count limit. The are merged internally, as if sent in a single
>HTTP/1 line.
>> + [Stefan Eissing]
>> +
>> + *) mod_http2: Avoid segfaults in case of handling certain
>responses for
>> + already aborted connections. [Stefan Eissing, Ruediger Pluem]
>> +
>> + *) mod_http2: The module now handles master/secondary connections
>and has marked
>> + methods according to use. [Stefan Eissing]
>> +
>> + *) core: Drop an invalid Last-Modified header value coming
>> + from a FCGI/CGI script instead of replacing it with Unix epoch.
>> + [Yann Ylavic, Luca Toscano]
>> +
>> + *) Add support for strict content-length parsing through addition
>of
>> + ap_parse_strict_length() [Yann Ylavic]
>> +
>> + *) mod_proxy_fcgi: ProxyFCGISetEnvIf unsets variables when
>expression
>> + evaluates to false. PR64365. [Michael König <mail
>ikoenig.net>]
>> +
>> + *) mod_proxy_http: flush spooled request body in one go to avoid
>> + leaking (or long lived) temporary file. PR 64452. [Yann Ylavic]
>> +
>> + *) mod_ssl: Fix a race condition and possible crash when using a
>proxy client
>> + certificate (SSLProxyMachineCertificateFile).
>> + [Armin Abfalterer <a.abfalterer gmail.com>]
>> +
>> + *) mod_ssl: Fix memory leak in stapling code. PR63687. [Stefan
>Eissing]
>> +
>> + *) mod_http2: Fixed regression that no longer set H2_STREAM_ID and
>H2_STREAM_TAG.
>> + PR64330 [Stefan Eissing]
>> +
>> + *) mod_http2: Fixed regression that caused connections to close
>when mod_reqtimeout
>> + was configured with a handshake timeout. Fixes gitub issue
>#196.
>> + [Stefan Eissing]
>> +
>> + *) mod_proxy_http2: the "ping" proxy parameter
>> + (see <https://httpd.apache.org/docs/2.4/mod/mod_proxy.html>) is
>now used
>> + when checking the liveliness of a new or reused h2 connection
>to the backend.
>> + With short durations, this makes load-balancing more
>responsive. The module
>> + will hold back requests until ping conditions are met, using
>features of the
>> + HTTP/2 protocol alone. [Ruediger Pluem, Stefan Eissing]
>> +
>> + *) core: httpd is no longer linked against -lsystemd if
>mod_systemd
>> + is enabled (and built as a DSO). [Rainer Jung]
>> +
>> + *) mod_proxy_http2: respect ProxyTimeout settings on backend
>connections
>> + while waiting on incoming data. [Ruediger Pluem, Stefan
>Eissing]
>> +
>> Changes with Apache 2.4.43
>>
>> + *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann
>Ylavic]
>> +
>> +Changes with Apache 2.4.42
>> +
>> *) SECURITY: CVE-2020-1934 (cve.mitre.org)
>> mod_proxy_ftp: Use of uninitialized value with malicious
>backend FTP
>> server. [Eric Covener]
>> @@ -10,10 +82,6 @@ Changes with Apache 2.4.43
>> matches and substitutions with encoded line break characters.
>> The fix for CVE-2019-10098 was not effective. [Ruediger
>Pluem]
>>
>> - *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann
>Ylavic]
>> -
>> -Changes with Apache 2.4.42
>> -
>> *) mod_proxy_http: Fix the forwarding of requests with content
>body when a
>> balancer member is unavailable; the retry on the next member
>was issued
>> with an empty body (regression introduced in 2.4.41). PR63891.
Re: svn commit: r40863 - /dev/httpd/ /release/httpd/
Thanks for the explanation and sorry about the wrong alarm!

Best regards,

Rainer

Am 06.08.2020 um 00:31 schrieb Daniel Ruggeri:
> Hi, Rainer;
> Right - this file gets rewritten by the announce.sh script just before
> the notification goes out. This is done to ensure that the date is
> correct and to ensure the type of release (bug, security, enhancement)
> is correct. It appears as though the file was just changed, but really
> it's just because the text was bumped as-is from the 'dev' location to
> the 'dist' location.
> --
> Daniel Ruggeri
>
> On August 5, 2020 7:23:33 AM CDT, Rainer Jung <rainer.jung@kippdata.de>
> wrote:
>
> Could you fix the date (September 21, 2018 seems wrong).
>
> Thanks!
>
> Rainer
>
> Am 05.08.2020 um 13:32 schrieb druggeri@apache.org:
>
> Author: druggeri
> Date: Wed Aug 5 11:32:51 2020
> New Revision: 40863
>
> Log:
> Push 2.4.46 up to the release directory
>
> Added:
> release/httpd/CHANGES_2.4.46
> - copied unchanged from r40862, dev/httpd/CHANGES_2.4.46
> release/httpd/httpd-2.4.46.tar.bz2
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2
> release/httpd/httpd-2.4.46.tar.bz2.asc
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.asc
> release/httpd/httpd-2.4.46.tar.bz2.md5
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.md5
> release/httpd/httpd-2.4.46.tar.bz2.sha1
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.bz2.sha1
> release/httpd/httpd-2.4.46.tar.bz2.sha256
> - copied unchanged from r40862,
> dev/httpd/httpd-2.4.46.tar.bz2.sha256
> release/httpd/httpd-2.4.46.tar.bz2.sha512
> - copied unchanged from r40862,
> dev/httpd/httpd-2.4.46.tar.bz2.sha512
> release/httpd/httpd-2.4.46.tar.gz
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz
> release/httpd/httpd-2.4.46.tar.gz.asc
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.asc
> release/httpd/httpd-2.4.46.tar.gz.md5
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.md5
> release/httpd/httpd-2.4.46.tar.gz.sha1
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.sha1
> release/httpd/httpd-2.4.46.tar.gz.sha256
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.sha256
> release/httpd/httpd-2.4.46.tar.gz.sha512
> - copied unchanged from r40862, dev/httpd/httpd-2.4.46.tar.gz.sha512
> Removed:
> dev/httpd/CHANGES_2.4
> dev/httpd/CHANGES_2.4.46
> dev/httpd/httpd-2.4.46-deps.tar.bz2
> dev/httpd/httpd-2.4.46-deps.tar.bz2.asc
> dev/httpd/httpd-2.4.46-deps.tar.bz2.md5
> dev/httpd/httpd-2.4.46-deps.tar.bz2.sha1
> dev/httpd/httpd-2.4.46-deps.tar.bz2.sha256
> dev/httpd/httpd-2.4.46-deps.tar.bz2.sha512
> dev/httpd/httpd-2.4.46-deps.tar.gz
> dev/httpd/httpd-2.4.46-deps.tar.gz.asc
> dev/httpd/httpd-2.4.46-deps.tar.gz.md5
> dev/httpd/httpd-2.4.46-deps.tar.gz.sha1
> dev/httpd/httpd-2.4.46-deps.tar.gz.sha256
> dev/httpd/httpd-2.4.46-deps.tar.gz.sha512
> dev/httpd/httpd-2.4.46.tar.bz2
> dev/httpd/httpd-2.4.46.tar.bz2.asc
> dev/httpd/httpd-2.4.46.tar.bz2.md5
> dev/httpd/httpd-2.4.46.tar.bz2.sha1
> dev/httpd/httpd-2.4.46.tar.bz2.sha256
> dev/httpd/httpd-2.4.46.tar.bz2.sha512
> dev/httpd/httpd-2.4.46.tar.gz
> dev/httpd/httpd-2.4.46.tar.gz.asc
> dev/httpd/httpd-2.4.46.tar.gz.md5
> dev/httpd/httpd-2.4.46.tar.gz.sha1
> dev/httpd/httpd-2.4.46.tar.gz.sha256
> dev/httpd/httpd-2.4.46.tar.gz.sha512
> Modified:
> release/httpd/Announcement2.4.html
> release/httpd/Announcement2.4.txt
> release/httpd/CHANGES_2.4
>
> Modified: release/httpd/Announcement2.4.html
> ------------------------------------------------------------------------
> --- release/httpd/Announcement2.4.html (original)
> +++ release/httpd/Announcement2.4.html Wed Aug 5 11:32:51 2020
> @@ -49,27 +49,27 @@
> <div class="banner"></div>
>
> <h1>
> - Apache HTTP Server 2.4.43 Released
> + Apache HTTP Server 2.4.46 Released
> </h1>
> <p>
> - April 01, 2020
> + September 21, 2018
> </p>
> <p>
> The Apache Software Foundation and the Apache HTTP Server
> Project are
> pleased to <a
> href="https://www.apache.org/dist/httpd/Announcement2.4.html">announce</a>
> - the release of version 2.4.43 of the Apache
> + the release of version 2.4.46 of the Apache
> HTTP Server ("Apache"). This version of Apache is our latest GA
> release of the new generation 2.4.x branch of Apache HTTPD and
> represents fifteen years of innovation by the project, and is
> recommended over all previous releases. This release of Apache is
> - a security, feature and bug fix release.
> + a feature and bug fix release.
> </p>
> <p>
> We consider this release to be the best version of Apache
> available, and
> encourage users of all prior versions to upgrade.
> </p>
> <p>
> - Apache HTTP Server 2.4.43 is available for download from:
> + Apache HTTP Server 2.4.46 is available for download from:
> </p>
> <dl>
> <dd><a href="https://httpd.apache.org/download.cgi"
> @@ -77,7 +77,7 @@
> </dl>
> <p>
> Please see the <a href="./CHANGES_2.4">CHANGES_2.4</a> file,
> linked from the download page, for a
> - full list of changes. A condensed list, <a
> href="./CHANGES_2.4.43">CHANGES_2.4.43</a> includes only
> + full list of changes. A condensed list, <a
> href="./CHANGES_2.4.46">CHANGES_2.4.46</a> includes only
> those changes introduced since the prior 2.4 release. A summary
> of all
> of the security vulnerabilities addressed in this and earlier
> releases
> is available:
>
> Modified: release/httpd/Announcement2.4.txt
> ------------------------------------------------------------------------
> --- release/httpd/Announcement2.4.txt (original)
> +++ release/httpd/Announcement2.4.txt Wed Aug 5 11:32:51 2020
> @@ -1,19 +1,19 @@
> - Apache HTTP Server 2.4.43 Released
> + Apache HTTP Server 2.4.46 Released
>
> - April 01, 2020
> + September 21, 2018
>
> The Apache Software Foundation and the Apache HTTP Server Project
> - are pleased to announce the release of version 2.4.43 of the
> Apache
> + are pleased to announce the release of version 2.4.46 of the
> Apache
> HTTP Server ("Apache"). This version of Apache is our latest GA
> release of the new generation 2.4.x branch of Apache HTTPD and
> represents fifteen years of innovation by the project, and is
> recommended over all previous releases. This release of Apache is
> - a security, feature and bug fix release.
> + a feature and bug fix release.
>
> We consider this release to be the best version of Apache
> available, and
> encourage users of all prior versions to upgrade.
>
> - Apache HTTP Server 2.4.43 is available for download from:
> + Apache HTTP Server 2.4.46 is available for download from:
>
> https://httpd.apache.org/download.cgi
>
> @@ -24,7 +24,7 @@
> https://httpd.apache.org/docs/trunk/new_features_2_4.html
>
> Please see the CHANGES_2.4 file, linked from the download page,
> for a
> - full list of changes. A condensed list, CHANGES_2.4.43
> includes only
> + full list of changes. A condensed list, CHANGES_2.4.46
> includes only
> those changes introduced since the prior 2.4 release. A summary
> of all
> of the security vulnerabilities addressed in this and earlier
> releases
> is available:
>
> Modified: release/httpd/CHANGES_2.4
> ------------------------------------------------------------------------
> --- release/httpd/CHANGES_2.4 (original)
> +++ release/httpd/CHANGES_2.4 Wed Aug 5 11:32:51 2020
> @@ -1,6 +1,78 @@
> -*- coding: utf-8 -*-
> +Changes with Apache 2.4.46
> + *) mod_proxy_fcgi: Fix build warnings for Windows platform
> + [Eric Covener, Christophe Jaillet]
> +
> +Changes with Apache 2.4.45
> +
> + *) mod_http2: remove support for abandoned http-wg draft
> + <https://datatracker.ietf.org/doc/draft-kazuho-h2-cache-digest/>.
> + [Stefan Eissing]
> +
> +Changes with Apache 2.4.44
> +
> + *) mod_proxy_uwsgi: Error out on HTTP header larger than 16K (hard
> + protocol limit). [Yann Ylavic]
> +
> + *) mod_http2:
> + Fixes <https://github.com/icing/mod_h2/issues/200>:
> + "LimitRequestFields 0" now disables the limit, as documented.
> + Fixes <https://github.com/icing/mod_h2/issues/201>:
> + Do not count repeated headers with same name against the field
> + count limit. The are merged internally, as if sent in a single
> HTTP/1 line.
> + [Stefan Eissing]
> +
> + *) mod_http2: Avoid segfaults in case of handling certain
> responses for
> + already aborted connections. [Stefan Eissing, Ruediger Pluem]
> +
> + *) mod_http2: The module now handles master/secondary
> connections and has marked
> + methods according to use. [Stefan Eissing]
> +
> + *) core: Drop an invalid Last-Modified header value coming
> + from a FCGI/CGI script instead of replacing it with Unix epoch.
> + [Yann Ylavic, Luca Toscano]
> +
> + *) Add support for strict content-length parsing through
> addition of
> + ap_parse_strict_length() [Yann Ylavic]
> +
> + *) mod_proxy_fcgi: ProxyFCGISetEnvIf unsets variables when
> expression
> + evaluates to false. PR64365. [Michael König <mail ikoenig.net>]
> +
> + *) mod_proxy_http: flush spooled request body in one go to avoid
> + leaking (or long lived) temporary file. PR 64452. [Yann Ylavic]
> +
> + *) mod_ssl: Fix a race condition and possible crash when using
> a proxy client
> + certificate (SSLProxyMachineCertificateFile).
> + [Armin Abfalterer <a.abfalterer gmail.com>]
> +
> + *) mod_ssl: Fix memory leak in stapling code. PR63687. [Stefan
> Eissing]
> +
> + *) mod_http2: Fixed regression that no longer set H2_STREAM_ID
> and H2_STREAM_TAG.
> + PR64330 [Stefan Eissing]
> +
> + *) mod_http2: Fixed regression that caused connections to
> close when mod_reqtimeout
> + was configured with a handshake timeout. Fixes gitub issue #196.
> + [Stefan Eissing]
> +
> + *) mod_proxy_http2: the "ping" proxy parameter
> + (see <https://httpd.apache.org/docs/2.4/mod/mod_proxy.html>)
> is now used
> + when checking the liveliness of a new or reused h2 connection
> to the backend.
> + With short durations, this makes load-balancing more
> responsive. The module
> + will hold back requests until ping conditions are met, using
> features of the
> + HTTP/2 protocol alone. [Ruediger Pluem, Stefan Eissing]
> +
> + *) core: httpd is no longer linked against -lsystemd if
> mod_systemd
> + is enabled (and built as a DSO). [Rainer Jung]
> +
> + *) mod_proxy_http2: respect ProxyTimeout settings on backend
> connections
> + while waiting on incoming data. [Ruediger Pluem, Stefan Eissing]
> +
> Changes with Apache 2.4.43
>
> + *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann
> Ylavic]
> +
> +Changes with Apache 2.4.42
> +
> *) SECURITY: CVE-2020-1934 (cve.mitre.org)
> mod_proxy_ftp: Use of uninitialized value with malicious backend FTP
> server. [Eric Covener]
> @@ -10,10 +82,6 @@ Changes with Apache 2.4.43
> matches and substitutions with encoded line break characters.
> The fix for CVE-2019-10098 was not effective. [Ruediger Pluem]
>
> - *) mod_ssl: Fix memory leak of OCSP stapling response. [Yann
> Ylavic]
> -
> -Changes with Apache 2.4.42
> -
> *) mod_proxy_http: Fix the forwarding of requests with content
> body when a
> balancer member is unavailable; the retry on the next member was
> issued
> with an empty body (regression introduced in 2.4.41). PR63891.