Apache HTTP Server 2.4.60 released

The stable version of Apache HTTP Server 2.4.60 is now available following four release candidates. Apache HTTP Server 2.4.60 has been upgraded to address a number of security vulnerabilities. These include a potential SSRF in mod_rewrite, a crash resulting in denial of service in mod_proxy caused by a malicious request, a vulnerability in the core of Apache HTTP Server 2.4.59 and earlier, a vulnerability in mod_rewrite when the first segment of substitution matches the filesystem path, a weakness with encoded question marks in backreferences, and a proxy encoding issue. Users should upgrade to version 2.4.60 to address these vulnerabilities.

Read more @ Linux Compatible