I love CentOS, but I am seriously regretting selecting Centos 4.4 for my production hosting servers. The current situation with CentOS 4.4 and being stuck at Apache 2.0.52 is a huge problem because of the new requirements for the Credit Card industry PCI scan. Apache 2.0.52 does not pass PCI compliance scans. which means no ecommerce on any of these servers - MAJOR ISSUE. So my question to the community is: when are new Apache RPM's going to be released or at minimum a backported version that plugs these security holes so we can pass PCI scans. Apache 2.0.52 has some major issues that need to be dealt with?
Help us out here. I know I am not the only one in this situation. every hosting company that uses Ensim Pro X is just where I am. Any insight or better yet a solution to this would be great.
Are you actually using CentOS 4.4 or are you using a fully updated version of CentOS 4.6? If you are fully updated, or simply download the latest CentOS 4 httpd package and run "rpm -q --changelog httpd | less" for an installed package or "rpm -qp --changelog /path/to/httpd/package | less" for a downloaded, but not yet installed package, you can see all of the changes, complete with which CVE issues have been addressed in each package build.
Barry