[CentOS] Need httpd / apache RPM > 2.2.3 for 5.3
Alexander Dalloz
ad+lists at uni-x.org
Sat Aug 29 21:17:08 UTC 2009
Alan McKay schrieb:
> OK, here is the interesting part :-)
>
> I'm new here as of about 4 months ago, and I just asked some coworkers
> why we went with 2.2.10 instead of the 2.2.3 that comes with CentOS
>
> Apparently at the time we'd been having some problems with mod_perl
> crashing (and still are in fact - I'm working on it slowly but
> surely), and we'd hired an outside consulting company to help out with
> it. Their first comment was that 2.2.3 was "extremely buggy" and that
> we should definitely not go with it. So that's what we did. The
> newest release at the time was 2.2.10 and that's where we are.
And the problem you have is that you still stick with release 2.2.10 -
regardless of any security issue. Nobody has cared to update.
Check yourself
http://apache.mirror.clusters.cc/httpd/CHANGES_2.2
for occurances of "SECURITY" and CVE numbers since the release of 2.2.10.
If you really run 2.2.10 since the days of those glorious consultants
you webserver has several security holes.
Going with what CentOS ships, even if the package number indicates an
older release, you have the advantage that the upstream takes care for
security fixes by backporting.
[ ... ]
> thanks,
> -Alan
Best regards
Alexander
More information about the CentOS
mailing list