On 2021-12-20 the project released version 2.4.52 of Apache httpd. 2 CVEs have been fixed, several bugs have been addressed. The server has been tested with OpenSSL 3.0.1. A new, experimental for Rust based TLS and ACME EAB support has been added. In detail: CVEs mod_lua A buffer overflow, a classic C weakness, has been identified in multipart POST handling inside mod_lua. If you do not have that module loaded into your installation, you are not affected. The overflow can be triggered by an o...
