The Apache Haus Forum

Advanced search  

News:

Welcome to Apache Haus Distribution Forum

Pages: [1]   Go Down

Author Topic: mod_fcgid 2.3.9 for Apache 2.2.x & 2.4 Released  (Read 6801 times)

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 848
mod_fcgid 2.3.9 for Apache 2.2.x & 2.4 Released
« on: October 08, 2013, 12:51:13 AM »

Announcing the release of mod_fcgid 2.3.9 for Apache 2.2 and 2.4.
Available on our download page.

Change in this version consist of:
Changes with mod_fcgid 2.3.9

  *) Revert fix for PR 53693, added in 2.3.8 but undocumented.  Fix
     issues with a minor optimization added in 2.3.8.  [Jeff Trawick]

Changes with mod_fcgid 2.3.8 (Not Released)

  *) SECURITY: CVE-2013-4365 (cve.mitre.org)
     Fix possible heap buffer overwrite.  Reported and solved by:
     [Robert Matthews <rob tigertech.com>]

  *) Correctly parse quotation and escaped spaces in FcgidWrapper and the
     AAA Authenticator/Authorizor/Access directives' command line argument,
     as currently documented.  PR 51194  [William Rowe]

  *) Honor quoted FcgidCmdOptions arguments (notably for InitialEnv
     assignments).  PR 51657  [William Rowe]

  *) Conform script response parsing with mod_cgid and ensure no response
     body is sent when ap_meets_conditions() determines that request
     conditions are met.  [Chris Darroch]

  *) Improve logging in access control hook functions.  [Chris Darroch]

  *) Avoid making internal sub-requests and processing Location headers
     when in FCGI_AUTHORIZER mode, as the auth hook functions already
     treat Location headers returned by scripts as an error since
     redirections are not meaningful in this mode.  [Chris Darroch]
Logged

chromerep

  • Jr. Member
  • **
  • Offline Offline
  • Posts: 63
Re: mod_fcgid 2.3.9 for Apache 2.2.x & 2.4 Released
« Reply #1 on: October 09, 2013, 02:07:22 AM »

Does this release fix the mentioned issue?(http://www.apachelounge.com/viewtopic.php?p=25699#25699)
Logged

mario

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 583
Re: mod_fcgid 2.3.9 for Apache 2.2.x & 2.4 Released
« Reply #2 on: October 09, 2013, 11:11:33 AM »

Does this release fix the mentioned issue?(http://www.apachelounge.com/viewtopic.php?p=25699#25699)

Yes it does.

Quote
  *) Correctly parse quotation and escaped spaces in FcgidWrapper and the
     AAA Authenticator/Authorizor/Access directives' command line argument,
     as currently documented.  PR 51194  [William Rowe]
Logged

mario

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 583
Re: mod_fcgid 2.3.9 for Apache 2.2.x & 2.4 Released
« Reply #3 on: October 09, 2013, 01:52:13 PM »

Some users complained that for them the bug still exists. Well you have to escape the white spaces.
Logged

Gregg

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 848
Re: mod_fcgid 2.3.9 for Apache 2.2.x & 2.4 Released
« Reply #4 on: October 09, 2013, 06:11:15 PM »

Yes you have to escape white spaces, as the change clearly states. I agree it's strange, but it allows you to have the white space which is much better than what it was in prior versions.
Logged

chromerep

  • Jr. Member
  • **
  • Offline Offline
  • Posts: 63
Re: mod_fcgid 2.3.9 for Apache 2.2.x & 2.4 Released
« Reply #5 on: October 09, 2013, 11:20:55 PM »

If I set vhost,should I add white space to the path setting?
Logged

mario

  • Administrator
  • Member Elite
  • *****
  • Offline Offline
  • Posts: 583
Re: mod_fcgid 2.3.9 for Apache 2.2.x & 2.4 Released
« Reply #6 on: October 11, 2013, 12:04:45 PM »

Nope ypu should add white space unless you have to!

The new version shall be able to handle white space if you escape it with \ (backslash). But not using white space in your paths in the better option.
Logged
Pages: [1]   Go Up
 

Sitemap 1 2 3 4 5 6 7 8 9 10 11 12 13