Alan McKay wrote:
> OK, here is the interesting part :-)
>
> I'm new here as of about 4 months ago, and I just asked some coworkers
> why we went with 2.2.10 instead of the 2.2.3 that comes with CentOS
>
> Apparently at the time we'd been having some problems with mod_perl
> crashing (and still are in fact - I'm working on it slowly but
> surely), and we'd hired an outside consulting company to help out with
> it. Their first comment was that 2.2.3 was "extremely buggy" and that
> we should definitely not go with it. So that's what we did. The
> newest release at the time was 2.2.10 and that's where we are.

And the problem you have is that you still stick with release 2.2.10 - regardless of any security issue. Nobody has cared to update.

Check yourself http://apache.mirror.clusters.cc/httpd/CHANGES_2.2 for occurrences of "SECURITY" and CVE numbers since the release of 2.2.10. If you really run 2.2.10 since the days of those glorious consultants your webserver has several security holes.

Going with what CentOS ships, even if the package number indicates an older release, you have the advantage that the upstream takes care of security fixes by backporting.

[ ... ]

> thanks,
> -Alan

Best regards

Alexander
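
The check suggested in the reply above (scan CHANGES_2.2 for "SECURITY" entries and CVE numbers in releases newer than the one you run) can be scripted. This is an added example, not part of the original message; the excerpt is constructed in the file's layout with placeholder CVE ids, and the function names are hypothetical.

```python
import re

# Constructed excerpt in the layout of Apache's CHANGES_2.2 file.
# The CVE ids are placeholders, not real advisories.
SAMPLE_CHANGES = """\
Changes with Apache 2.2.12

  *) SECURITY: CVE-0000-0003 (cve.mitre.org)
     mod_example: constructed entry text that spans
     two lines.

  *) mod_other: constructed non-security bug fix.

Changes with Apache 2.2.11

  *) SECURITY: CVE-0000-0002 (cve.mitre.org)
     core: constructed entry text.

Changes with Apache 2.2.10

  *) SECURITY: CVE-0000-0001 (cve.mitre.org)
     mod_example: constructed entry, already in the running release.
"""

HEADER = re.compile(r"^Changes with Apache (\d+(?:\.\d+)+)\s*$")
CVE = re.compile(r"CVE-\d{4}-\d{4,}")

def version_key(v):
    # Compare numerically: as strings, "2.2.10" would sort before "2.2.3".
    return tuple(int(p) for p in v.split("."))

def security_fixes_since(changes_text, running):
    """Return {release: [CVE ids]} for releases newer than `running`."""
    missing, release, in_security = {}, None, False
    for line in changes_text.splitlines():
        m = HEADER.match(line)
        if m:
            release, in_security = m.group(1), False
            continue
        if release is None or version_key(release) <= version_key(running):
            continue
        if line.strip().startswith("*)"):      # start of a new changelog entry
            in_security = "SECURITY" in line
        if in_security:                        # collect ids across wrapped lines
            missing.setdefault(release, set()).update(CVE.findall(line))
    return {r: sorted(ids) for r, ids in missing.items()}

if __name__ == "__main__":
    for rel, ids in security_fixes_since(SAMPLE_CHANGES, "2.2.10").items():
        print(rel, ", ".join(ids))
```

This only applies to an upstream build: on a distribution package with backported fixes, the version number alone does not tell you which of these entries are already patched.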