[CentOS] Backporting and Apache 2.0.52 is 4 1/2 years old

Rob Townley rob.townley at gmail.com
Sun Mar 22 20:40:10 UTC 2009


http://httpd.apache.org/security/vulnerabilities_20.html

states that Apache 2.0.52 is 4 years old and the latest version is 2.0.68.
i am no longer a httpd expert, but at least one of the security fixes
involves XSS attacks via malformed ftp commands.  I also realize that
redhat / centos may patch things separately from Apache and that the
sysadmin has  a great deal to do with how secure things are, but
almost 5 years?

Does the sysadmin for www.centos.org get paid?
-------------- next part --------------
HTTP/1.1 200 OK
Date: Sun, 22 Mar 2009 19:37:51 GMT
Server: Apache/2.0.52 (CentOS)
X-Powered-By: PHP/4.3.9
Set-Cookie: PHPSESSID=f12ba53116e0f192b7653131d951a17d; path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: private, no-cache
Pragma: no-cache
Content-Type: text/html; charset=ISO-8859-1
Connection: keep-alive



More information about the CentOS mailing list