Hi, On 2023-04-03 14:27:48 +0200, Harald Dunkel wrote: > AFAIU apache2 2.4.56-1 has been included in Bullseye to mitigate > CVE-2023-27522 and CVE-2023-25690 (both some mod_proxy issue > with high severity). Good thing. > > Unfortunately this introduced 2 regressions for mod_rewrite and > http2, see > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033284 > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033408 > https://metadata.ftp-master.debian.org/changelogs//main/a/apache2/apache2_2.4.56-2_changelog > > Would it be possible to fix the upgrade? I can turn off http2, > but I feel *very* bad about running an apache with a broken > mod_rewrite in production.
What about apache2 2.4.56-2? "Fix regression in mod_rewrite introduced in version 2.4.56" "Fix regression in http2 introduced by 2.4.56" -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
