The new version Apache 2.4.43 has been released, with module improvements and more

The Apache Software Foundation announced a few days ago the release of a new version of the HTTP server, "Apache 2.4.43", which brings 34 changes and 3 fixed vulnerabilities, in addition to a series of improvements over version 2.2.

For those who do not know Apache, it is an open source HTTP web server, available for Unix platforms (BSD, GNU/Linux, etc.), Microsoft Windows, Macintosh and others.

What's new in Apache 2.4.43?

This new version of the server is considered important because it marks the end of life of the 2.2.x branch. It is based on and extends the Apache 2.2 API, and modules written for Apache 2.2 must be rebuilt to work with Apache 2.4.

Among the main changes that stand out in this version is the addition of a new module, "mod_systemd", which provides integration with the systemd system manager and allows httpd to be used in services of type "Type=notify".

In addition, the capabilities of mod_md have been expanded. This module was developed by the Let's Encrypt project to automate obtaining and maintaining certificates using the ACME (Automatic Certificate Management Environment) protocol.

Among the module changes, mod_authn_socache has had the limit on the size of the cached line raised from 100 to 256.

In mod_ssl, TLS protocol negotiation is provided in relation to virtual hosts (supported when built with OpenSSL-1.1.1+).

mod_ssl adds support for using OpenSSL ENGINE private keys and certificates when a PKCS#11 URI is specified in SSLCertificateFile/KeyFile.

mod_proxy_hcheck adds support for the %{Content-Type} mask in check expressions.

The CookieSameSite, CookieHTTPOnly and CookieSecure directives have been added to mod_usertrack to configure how the usertrack cookie is handled.

mod_proxy_ajp implements a "secret" parameter for proxy handlers to support the legacy AJP13 authentication protocol.

The command defined in the MDMessageCmd directive is now also called with the argument "installed" when a new certificate is activated after a server restart (for example, it can be used to copy or convert the new certificate for other applications).

The MDContactEmail directive has been added, through which you can specify a contact email address that does not overlap with the data in the ServerAdmin directive.

Of the other changes that stand out in this version:

  • Cross-compilation support has been added to apxs.
  • For all virtual hosts, support is provided for the protocol used when negotiating a secure communication channel ("tls-alpn-01").
  • mod_md directives are allowed in blocks and .
  • Previous settings are replaced when MDCAChallenges is used.
  • Added the ability to set the URL for the CTLog Monitor.
  • Added a defined configuration for OpenWRT.
  • Tests have been implemented using the Travis CI continuous integration system.
  • Parsing of Transfer-Encoding headers has been changed.
  • Thanks to the use of hashing for the command tables, a restart in "graceful" mode completes faster (without interrupting the request handlers that are running).
  • The tables r:headers_in_table, r:headers_out_table, r:err_headers_out_table, r:notes_table and r:subprocess_env_table, available in read-only mode, have been added to mod_lua. Tables can now be set to nil.

As for the bugs fixed in this new version:

  • CVE-2020-1927: a vulnerability in mod_rewrite that allows the server to be used to redirect requests to other resources (open redirect). Some mod_rewrite configurations can send the user to another link that is encoded using a line feed character inside the parameter used in the existing redirect.
  • CVE-2020-1934: a vulnerability in mod_proxy_ftp. The use of uninitialized values can lead to a memory leak when sending requests to an FTP server controlled by an attacker.
  • A memory leak in mod_ssl that occurs when OCSP requests are chained.
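
A detection sketch for the CVE-2020-1927 behaviour described above, added here as an example and not taken from the original article or from Apache's code: it scans access-log lines for redirects (3xx) whose request path carried a percent-encoded line feed or carriage return. The combined log layout, the function name and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed layout: Apache common/combined log format
#   host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# Percent-encoded LF (%0a) or CR (%0d), in either hex case.
ENCODED_NEWLINE = re.compile(r'%0[aAdD]')

# Constructed sample lines (documentation address range, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Apr/2020:10:00:00 +0000] "GET /docs HTTP/1.1" 301 240 "-" "curl/7.68.0"',
    '192.0.2.44 - - [01/Apr/2020:10:00:05 +0000] "GET /docs%0Aextra/ HTTP/1.1" 302 210 "-" "-"',
    '192.0.2.44 - - [01/Apr/2020:10:00:09 +0000] "GET /search?q=a%0ab HTTP/1.1" 302 210 "-" "-"',
    '192.0.2.51 - - [01/Apr/2020:10:00:12 +0000] "GET /img%0d%0a.png HTTP/1.1" 404 196 "-" "-"',
]


def suspicious_redirects(lines):
    """Return (host, target, status) for every 3xx response whose
    request path (query string excluded) held an encoded CR or LF."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # line does not follow the assumed format
        status = int(m.group("status"))
        if not 300 <= status < 400:
            continue  # only redirects are relevant to an open redirect
        # RewriteRule patterns match the URL path, so ignore the query.
        path = m.group("target").partition("?")[0]
        if ENCODED_NEWLINE.search(path):
            hits.append((m.group("host"), m.group("target"), status))
    return hits


if __name__ == "__main__":
    for host, target, status in suspicious_redirects(SAMPLE):
        print(f"{host} {status} {target}")
```

A hit is a lead for review of the matching RewriteRule, not proof of a redirect to an external site; upgrading to 2.4.43 remains the fix the release provides.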

Finally, if you want to know more about this new release, you can check the details at the following link.

Download

You can get the new version by going to the official Apache website, where the download section has a link to the new version.

The link is this one.

