A few days ago the Apache Software Foundation announced the release of a new version of its HTTP server, "Apache 2.4.43", which brings 34 changes and 3 fixed vulnerabilities, in addition to providing a series of improvements over version 2.2.
For those unfamiliar with Apache, it is an open source HTTP web server, available for Unix platforms (BSD, GNU/Linux, etc.), Microsoft Windows, Macintosh and others.
What's new in Apache 2.4.43?
This new version of the server is considered important because it marks the end of life of the 2.2.x branch. It is based on and extends the Apache 2.2 API, and modules written for Apache 2.2 will need to be recompiled to work with Apache 2.4.
Among the main changes that stand out in this version is the addition of a new module, "mod_systemd", which provides integration with the systemd system manager and allows httpd to be used in services of type "Type=notify".
Also, the capabilities of the mod_md module, developed by the Let's Encrypt project to automate the receipt and maintenance of certificates using the ACME (Automatic Certificate Management Environment) protocol, have been expanded.
Among the changes to modules, in mod_authn_socache the limit on the size of a cached line has been increased from 100 to 256.
In mod_ssl, the TLS protocol is negotiated together with virtual hosts (supported when built with OpenSSL-1.1.1+).
mod_ssl added support for using OpenSSL ENGINE private keys and certificates when a PKCS#11 URI is specified in SSLCertificateFile/KeyFile.
mod_proxy_hcheck added support for the %{Content-Type} mask in check expressions.
CookieSameSite, CookieHTTPOnly and CookieSecure modes were added to mod_usertrack to configure usertrack cookie processing.
mod_proxy_ajp implements the "secret" parameter for proxy handlers to support the legacy AJP13 protocol.
For commands defined in the MDMessageCmd directive, a call with the "installed" argument is issued when a new certificate is activated after a server restart (for example, it can be used to copy or convert the new certificate for other applications).
The MDContactEmail directive was added, through which you can specify a contact email that does not overlap with the data in the ServerAdmin directive.
Other changes that stand out in this version:
- Cross-compilation support was added to apxs.
- For all virtual hosts, support is provided for the protocol used when negotiating a secure communication channel ("tls-alpn-01").
- mod_md directives are allowed in blocks and .
- Previous settings are replaced when MDCAChallenges is used again.
- Added the ability to set the URL for the CTLog Monitor.
- Added a configuration set for OpenWRT.
- Testing is carried out using the Travis CI continuous integration system.
- Transfer-Encoding headers parsed.
- Thanks to the use of hashing for command tables, restarts in "graceful" mode have been sped up (without interrupting the request handlers in use).
- Tables r:headers_in_table, r:headers_out_table, r:err_headers_out_table, r:notes_table and r:subprocess_env_table were added to mod_lua, available in read-only mode. Tables are allowed to be set to nil.
As for the bugs fixed in this new version:
- CVE-2020-1927: a vulnerability in mod_rewrite that allows the server to be used to forward requests to other resources (open redirect). Some mod_rewrite configurations can take the user to another link encoded using a line feed character inside a parameter used in an existing redirect.
- CVE-2020-1934: a vulnerability in mod_proxy_ftp. The use of uninitialized values can lead to a memory leak when requests are sent to an FTP server controlled by an attacker.
- A memory leak in mod_ssl that occurs when OCSP requests are chained.
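A detection sketch for the CVE-2020-1927 pattern described in the list above, added here as an example and not taken from the Apache project: it scans access log lines for redirect responses whose request target contains a percent-encoded CR or LF. The log lines are constructed samples, and Apache's common/combined log format is assumed.

```python
import re
from urllib.parse import unquote

# Prefix of Apache's common/combined log format (assumed):
# host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def has_encoded_newline(target: str, max_rounds: int = 3) -> bool:
    """True if CR/LF appears after up to max_rounds of percent-decoding."""
    current = target
    for _ in range(max_rounds):
        decoded = unquote(current)
        if "\r" in decoded or "\n" in decoded:
            return True
        if decoded == current:  # nothing left to decode
            break
        current = decoded
    return False

def suspicious_redirects(lines):
    """Yield (host, time, target) for 3xx responses to targets with encoded CR/LF."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed format; skip rather than guess
        if m["status"].startswith("3") and has_encoded_newline(m["target"]):
            yield m["host"], m["time"], m["target"]

# Constructed sample log lines (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Apr/2020:10:00:01 +0000] "GET /docs/index.html HTTP/1.1" 200 5120',
    '192.0.2.11 - - [02/Apr/2020:10:00:05 +0000] "GET /old/page HTTP/1.1" 301 230',
    '198.51.100.7 - - [02/Apr/2020:10:01:12 +0000] "GET /old/page%0Ax HTTP/1.1" 302 215',
    '198.51.100.7 - - [02/Apr/2020:10:01:15 +0000] "GET /old/page%250ax HTTP/1.1" 302 215',
    '203.0.113.5 - - [02/Apr/2020:10:02:40 +0000] "GET /search?q=a%0Ab HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for host, when, target in suspicious_redirects(SAMPLE_LOG):
        print(f"{when} {host} got a redirect for {target!r}")
```

A hit only shows that a redirect was returned for a target carrying an encoded line break; whether the server is affected depends on its mod_rewrite configuration and version.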
Finally, if you want to know more about this new release, you can check the details at the following link.
Download
You can get the new version by going to the official Apache website, where you will find the link to the new version in its download section.