Apache HTTP Server 2.2.17 版本发布,最流行的HTTP服务器软件之一。快速、可靠、可通过简单的API扩展,Perl/Python解释器可被编译到服务器中,完全免费,完全源代码开放。 如果你需要创建一个每天有数百万人访问的Web服务器,Apache可能是最佳选择。
Changes with Apache 2.4.27
*) COMPATIBILITY: mod_lua: Remove the undocumented exported ‘apr_table’
global variable when using Lua 5.2 or later. This was exported as a side effect from luaL_register, which is no longer supported as of Lua 5.2 which deprecates pollution of the global namespace.
*) COMPATIBILITY: mod_http2: Disable and give warning when using Prefork.
The server will continue to run, but HTTP/2 will no longer be negotiated.
*) COMPATIBILITY: mod_proxy_fcgi: Revert to 2.4.20 FCGI behavior for the default ProxyFCGIBackendType, fixing a regression with PHP-FPM. PR 61202.
*) mod_lua: Improve compatibility with Lua 5.1, 5.2 and 5.3.
PR58188, PR60831, PR61245.
*) mod_http2: Simplify ready queue, less memory and better performance. Update
mod_http2 version to 1.10.7.
*) Allow single-char field names inadvertently disallowed in 2.4.25.
PR 61220.
*) htpasswd / htdigest: Do not apply the strict permissions of the temporary
passwd file to a possibly existing passwd file. PR 61240.
*) core: Avoid duplicate HEAD in Allow header.
This is a regression in 2.4.24 (unreleased), 2.4.25 and 2.4.26.
PR 61207.
More
此安全更新可解决 Microsoft Windows HTTP 服务 (WinHTTP) 中一个公开披露和两个秘密报告的漏洞。此最严重的漏洞可能允许远程执行代码。 成功利用此漏洞的攻击者可以完全控制受影响的系统。攻击者可随后安装程序;查看、更改或删除数据;或者创建拥有完全用户权限的新帐户。那些帐户被配置为拥有较少系统用户权限的用户比具有管理用户权限的用户受到的影响要小。