-
Tue Aug 27 2024 Luboš Uhliarik <luhliari@redhat.com> - 1.15.7-10.1
- Resolves: RHEL-46214 - Access logs and ErrorDocument don't work when HTTP431
occurs using http/2 on RHEL8
-
Fri Apr 05 2024 Luboš Uhliarik <luhliari@redhat.com> - 1.15.7-10
- Resolves: RHEL-29817 - httpd:2.4/mod_http2: httpd: CONTINUATION frames
DoS (CVE-2024-27316)
-
Fri Feb 02 2024 Luboš Uhliarik <luhliari@redhat.com> - 1.15.7-9.3
- Resolves: RHEL-13367 - httpd:2.4/mod_http2: reset requests exhaust memory
(incomplete fix of CVE-2023-44487)(CVE-2023-45802)
-
Sat Mar 18 2023 Luboš Uhliarik <luhliari@redhat.com> - 1.15.7-8.3
- Resolves: #2177748 - CVE-2023-25690 httpd:2.4/httpd: HTTP request splitting
with mod_rewrite and mod_proxy
-
Thu Dec 08 2022 Luboš Uhliarik <luhliari@redhat.com> - 1.15.7-7
- Resolves: #2095650 - Dependency from mod_http2 on httpd broken
-
Tue Nov 01 2022 Tomas Korbar <tkorbar@redhat.com> - 1.15.7-6
- Backport SNI feature refactor
- Resolves: rhbz#2137257
-
Mon Jan 24 2022 Luboš Uhliarik <luhliari@redhat.com> - 1.15.7-5
- Resolves: #2035030 - CVE-2021-44224 httpd:2.4/httpd: possible NULL dereference
or SSRF in forward proxy configurations
-
Thu Jan 06 2022 Luboš Uhliarik <luhliari@redhat.com> - 1.15.7-4
- Resolves: #1966728 - CVE-2021-33193 httpd:2.4/mod_http2: httpd:
Request splitting via HTTP/2 method injection and mod_proxy
-
Fri Oct 30 2020 Lubos Uhliarik <luhliari@redhat.com> - 1.15.7-3
- Resolves: #1869077 - CVE-2020-11993 httpd:2.4/mod_http2: httpd:
mod_http2 concurrent pool usage
-
Mon Aug 17 2020 Lubos Uhliarik <luhliari@redhat.com> - 1.15.7-2
- Resolves: #1869073 - CVE-2020-9490 httpd:2.4/mod_http2: httpd:
Push diary crash on specifically crafted HTTP/2 header