> I love CentOS, but I am seriously regretting selecting Centos 4.4 for my > production hosting servers. The current situation with CentOS 4.4 and being > stuck at Apache 2.0.52 is a huge problem because of the new requirements for > the Credit Card industry PCI scan. Apache 2.0.52 does not pass PCI > compliance scans. which means no ecommerce on any of these servers - MAJOR > ISSUE. So my question to the community is: when are new Apache RPM's going > to be released or at minimum a backported version that plugs these security > holes so we can pass PCI scans. Apache 2.0.52 has some major issues that > need to be dealt with? > > Help us out here. I know I am not the only one in this situation. every > hosting company that uses Ensim Pro X is just where I am. > Any insight or better yet a solution to this would be great. Are you actually using CentOS 4.4 or are you using a fully updated version of CentOS 4.6? If you are fully updated, or simply download the latest CentOS 4 httpd package and run "rpm -q --changelog httpd | less" for an installed package or "rpm -qp --changelog /path/to/httpd/package | less" for a downloaded, but not yet installed package, you can see all of the changes, complete with which CVE issues have been addressed in each package build. Barry