The new version of Apache 2.4.43 has been released, bringing module improvements and more

The Apache Software Foundation announced a few days ago the release of a new version of the HTTP server, "Apache 2.4.43", which brings 34 changes and 3 fixed vulnerabilities, in addition to offering a series of improvements over version 2.2.

For those unfamiliar with Apache, you should know that it is an open source HTTP web server, available for Unix platforms (BSD, GNU/Linux, etc.), Microsoft Windows, Macintosh and others.

What's new in Apache 2.4.43?

This new version of the server is considered important because it marks the end of life of the 2.2x branch, and because it is based on and extends the Apache 2.2 API; modules written for Apache 2.2 will need to be updated to work with Apache 2.4.

Among the main visible changes in this version is the addition of a new module, "mod_systemd", which provides integration with the systemd system manager and allows httpd to be used in services of type «Type=notify».

In addition, the capabilities of the mod_md module, developed by the Let's Encrypt project to automate obtaining and maintaining certificates using the ACME (Automatic Certificate Management Environment) protocol, have been extended.

Among the module changes, we find that in mod_authn_socache the limit on the size of the cached line has been increased from 100 to 256.

In mod_ssl, the TLS protocol is negotiated together with the virtual hosts (supported when built with OpenSSL-1.1.1+).

mod_ssl added support for using OpenSSL ENGINE private keys and certificates when a PKCS#11 URI is specified in SSLCertificateFile/KeyFile.

mod_proxy_hcheck added support for the %{Content-Type} mask in test expressions.

The CookieSameSite, CookieHTTPOnly and CookieSecure modes were added to mod_usertrack to configure how the usertrack cookie is handled.

mod_proxy_ajp, for proxy handlers, implements the "secret" parameter to support the authenticated AJP13 protocol.

For the commands defined in the MDMessageCmd directive, a call with the "installed" argument is made when a new certificate is activated after a server restart (for example, it can be used to copy or convert the new certificate for other applications).

The MDContactEmail directive was added, with which you can specify a contact email that does not overlap with the data of the ServerAdmin directive.

Other changes that stand out in this version:

  • Cross-compilation support was added to apxs.
  • For all virtual hosts, support is provided for the protocol used when negotiating a secure communication channel ("tls-alpn-01").
  • mod_md directives are allowed in blocks and .
  • Old settings are replaced when MDCAChallenges is used again.
  • Added the ability to set the URL for the CTLog Monitor.
  • Added configuration for OpenWRT.
  • Tests are implemented using the Travis CI continuous integration system.
  • Transfer-Encoding headers are parsed.
  • Thanks to the use of hashing for the command tables, restarting in "graceful" mode has been sped up (without interrupting running request handlers).
  • Tables were added to mod_lua: r:headers_in_table, r:headers_out_table, r:err_headers_out_table, r:notes_table and r:subprocess_env_table, available in read-only mode. Tables are allowed to be set to nil.

Some of the bugs fixed in this new version:

  • CVE-2020-1927: a vulnerability in mod_rewrite that allows the server to be used to forward calls to other resources (open redirect). Some mod_rewrite configurations can send the user to another link encoded using a line-feed character inside a parameter used in an existing redirect.
  • CVE-2020-1934: a vulnerability in mod_proxy_ftp. The use of uninitialized values can cause a memory leak when sending requests to an FTP server controlled by an attacker.
  • A memory leak in mod_ssl that occurs when OCSP requests are chained.

Finally, if you want to know more about this new release, you can check the details at the following link.

Download

You can get the new version by going to the official Apache website, where in the download section you will find the link to the new version.

The link is this.

