This release was updated to reflect the OpenSSL project's release 0.9.8m of the openssl library, and addresses the TLS renegotiation prefix injection attack.
This release further addresses security issues within mod_proxy_ajp, mod_isapi, and mod_headers
Minor security fixes, Minor bugfixes, Stable (2.2.x)
This version of Apache is principally a security and bugfix release. Notably, it bundles the APR Library version 1.3.8 and APR Utility Library version 1.3.9, which address a security concern that may be triggered by some third party modules.
When the ap_http_header_filter processes an error bucket, The passed brigade is cleaned up before returning AP_FILTER_ERROR down the filter chain. Error responses set by filters were being coerced into 500 errors, sometimes appended to the original error response. A configuration option to insert strings in HTML HEAD has beena dded. A new LogFormat parameter, %k, logs the number of keepalive requests on this connection for this request.