La I-Apache Software Foundation ityhilwe Kwiintsuku ezithile ezidlulileyo ukukhutshwa kwenguqulelo entsha yomncedisi we-HTTP "i-Apache 2.4.43", Ebonisa iinguqu ezingama-34 kunye nobuthathaka obu-3 obuhleliweyo, ukongeza ekunikezeleni kuthotho lwezinto ezingaphezulu kwenguqulelo 2.2.
Kwabo bangaqhelekanga nge-Apache, kuya kufuneka uyazi ukuba yintoni Umthombo wewebhu weHTTP ovulekileyo, Efumaneka kumaqonga e-Unix (i-BSD, i-GNU / iLinux, njl. njl.), IMicrosoft yeWindows, iMacintosh kunye nezinye.
Yintoni entsha kwi-Apache 2.4.43?
Le nguqulo intsha yomncedisi ithathwa njengebalulekileyo njengoko iphawula ukuphela kobomi be-2.2x yesebe kwaye ukuba le nguqulo isekwe kwaye yandisa i-Apache 2.2 API kwaye iimodyuli ezibhalelwe i-Apache 2.2 kuya kufuneka zibuyekezwe ukuze zisebenze neApache 2.4.
Phakathi kolona tshintsho luphambili olubonakalayo kule nguqulo yi ukongeza imodyuli entsha "mod_systemd", que ibonelela ngokudityaniswa nomphathi wenkqubo kwaye oko kuvumela ukusebenzisa i-httpd kwiinkonzo ezinoluhlobo »Uhlobo = yazisa».
Kwakhona, iimodyuli zemod_md iphuhliswe yiprojekhthi ye-Encrypt ukwenza ukufunyanwa kunye nokugcinwa kwezatifikethi kusetyenziswa umgaqo-nkqubo we-ACME (i-Automatic Certificate Management Environment) ziyandiswa.
Ukusuka kutshintsho lweemodyuli, sinokuyifumana loo nto mod_authn_socache umda kubungakanani bomgca ogciniweyo ukonyuswe ukusuka kwi-100 ukuya kuma-256.
Kwi mod_ssl, umthetho olandelwayo we-TLS uyaxoxwa kunye nemikhosi ebonakalayo (iyahambelana nokudibanisa ne-OpenSSL-1.1.1 +.
I-Mod_ssl yongeze inkxaso yokusebenzisa i-OpenSSL ENGINE izitshixo zabucala kunye nezatifikethi xa ucacisa i-PKCS # 11 URI kwi-SSLCertificateFile / KeyFile.
mod_proxy_hcheck yongeze inkxaso ye% {Content-Type} mask kwimiboniso yovavanyo.
Yongeza i-cookieSameSite, CookieHTTPOnly kunye neCookieSecure modes kwi mod_usertrack ukuqwalasela ukucwangciswa kwecookie usertrack.
I-Mod_proxy_ajp yabaqhubi bommeleli isebenzisa iparameter "eyimfihlo" ukuxhasa umthetho olandelwayo oqinisekisiweyo we-AJP13.
Imiyalelo echazwe kumyalelo we-MDMessageCmd, umnxeba onengxoxo "efakiweyo" unikezelwa xa isatifikethi esitsha sisebenza emva kokuqalisa kwakhona iserver (umzekelo, inokusetyenziselwa ukukopa okanye ukuguqula isatifikethi esitsha sezinye izicelo).
Umyalelo weMDContactEmail wongezwa, apho ungacacisa khona i-imeyile yokunxibelelana engadibani nedatha yomyalelo weServerAdmin.
Olunye utshintsho evelele kolu hlobo:
- Inkxaso yokuhlanganiswa komnqamlezo yongezwa kwii-apx.
- Yonke imikhosi yokwenyani, inkxaso iyabonelelwa ngomgaqo osetyenziswayo xa kuthethathethwana nomjelo wonxibelelwano okhuselekileyo ("tls-alpn-01").
- Izikhombisi zeMod_md zivunyelwe kwiibhloko Y .
- Ukutshintsha useto oludala xa usebenzisa imiceli mngeni ye-MDCAC kwakhona.
- Wongeze amandla okuseta i-url ye-CTLog Monitor.
- Yongezwe useto lwe-OpenWRT.
- Uvavanyo luphunyezwe kusetyenziswa inkqubo yokudibanisa eqhubekayo yeTravis CI.
- Ukudluliswa okubhaliweyo okuphezulu kwephepha.
- Ngenxa yokusetyenziswa kwe-hashing kwiitafile zomyalelo, ukuqala kwakhona kwimowudi "enobuntu" kukhawulezisiwe (ngaphandle kokuphazamisa abaphathi bezicelo abazenzileyo).
- Iitafile zongezwe kwimod_lua r: headers_in_table, r: headers_out_table, r: err_headers_out_table, r: notes_table and r: subprocess_env_table, available in read-only mode. Vumela iitafile ukuba zisetelwe ukuba zingasebenzi.
Inxalenye yeempazamo ezilungisiweyo kolu hlobo lutsha:
- I-CVE-2020-1927: ukuba semngciphekweni kwi-mod_rewrite, evumela iserver ukuba isetyenziselwe ukuhambisa iifowuni kwezinye izixhobo (ukuvula kwakhona). Olunye useto lwe-mod_rewrite lungathatha umsebenzisi luye kwelinye ikhonkco elifakelweyo kusetyenziswa uphawu lokondla umgca ngaphakathi kweparameter esetyenziswe kulungelelwaniso olukhoyo kwakhona.
- I-CVE-2020-1934: ubungozi kwimod_proxy_ftp. Sebenzisa amaxabiso angachazwanga kunokubangela ukuvuza kwenkumbulo xa uthumela izicelo kumncedisi olawulwa ngumlawuli we-FTP.
- Imemori evuzayo kwi-mod_ssl eyenzekayo xa izicelo ze-OCSP zidityanisiwe.
Gqibela ukuba ufuna ukwazi ngakumbi ngayo malunga noku kukhutshwa okutsha, ungakhangela iinkcukacha kwi eli khonkco lilandelayo.
Ukukhuphela
Unokufumana ingxelo entsha ngokuya kwiwebhusayithi esemthethweni ye-Apache kwaye kwicandelo lokukhuphela uya kufumana ikhonkco kwinguqulelo entsha.