Openssl 1.0.1m Security Issue

Gregg · July 08, 2015, 10:34:08 PM

It (2.4.16 & 2.2.30) looks good to go, hoping they will tag them today or tomorrow.
As for OpenSSL 1.0.1p, seeing it's severity rating is "High", I'll wait till it arrives as well.

mario · July 14, 2015, 05:39:53 PM

The voting is done. Soon there will be 2.4 binaries.

Gregg · July 14, 2015, 08:09:34 PM

Yup, and I have them ready to go I just have to make them visible on the download page. Doing so now.

jowi · July 14, 2015, 09:08:26 PM

Will there also be an apache 2.2.29 openssl 1.0.1P update ?

Thanks in advance for the hard work you guys do to make my life easy

Gregg · July 14, 2015, 11:49:23 PM

Hi jowi,

No, there should be an Apache 2.2.31 with the latest OpenSSL releases in a couple of days. 2.2.30 failed to build on Windows but it was a easy fix and should not stall the release of 2.2.31.

ivantsui00 · July 27, 2015, 03:55:19 AM

Under Apache Release History, the 2.4.16 is still in development?

However, under download, what is difference between Apache 2.4.x VC9 and Apache 2.4.x VC11?

Please advise.

mario · July 27, 2015, 09:56:27 AM

The Source code is the same. The difference is the Visual C++ / Visual Studio version.

Gregg · July 29, 2015, 03:46:20 AM

Quote from: ivantsui00 on July 27, 2015, 03:55:19 AM
Under Apache Release History, the 2.4.16 is still in development?

That Release History is at the very bottom of priority when trying to get releases out. If it were a temperature it would be absolute 0. I tend to completely forget but often come back later and clean it up. The information can be gathered elsewhere too, the STATUS file in each of the branches in SVN http://svn.apache.org/viewvc/httpd/httpd/branches/

But you will notice it just mentioned the date it was tagged and released to developers for testing and voting, not the actual release date which looks like July 14.