From: "Steven Levine" Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTPS id 2902046 for ecs-isp@2rosenthals.com; Wed, 29 Dec 2021 02:09:22 -0500 Received: from [192.168.200.201] (port=40258 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtp (Exim 4.94.2) (envelope-from ) id 1n2T5C-000762-2P for ecs-isp@2rosenthals.com; Wed, 29 Dec 2021 02:09:10 -0500 Received: from mta-101a.oxsus-vadesecure.net ([51.81.61.60]:42303 helo=nmtao101.oxsus-vadesecure.net) by mail2.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1n2T59-00040c-2w for ecs-isp@2rosenthals.com; Wed, 29 Dec 2021 02:09:07 -0500 DKIM-Signature: v=1; a=rsa-sha256; bh=NcbzaS40iy2oRFO8W6jVj/UwUZnR97DaoimbUG r4grY=; c=relaxed/relaxed; d=earthlink.net; h=from:reply-to:subject: date:to:cc:resent-date:resent-from:resent-to:resent-cc:in-reply-to: references:list-id:list-help:list-unsubscribe:list-subscribe:list-post: list-owner:list-archive; q=dns/txt; s=dk12062016; t=1640761747; x=1641366547; b=qT8WWyMJwiROoffcEUwXVmDwRJlonXBiTrlpp9iH4c0rrtPITC1IE2S OK1QbdQEzNZAS1BepkUfS0NqZ6P9UGTNJw3lt/IbByCcg/21JPDfa7tLUxBU801mfVknD4K oAGqnFWVkCP93nvahWypMODPD8jFJtWX9c6EUVwJV1wJls+E742QM2DN7d5H5HqDb38NhnJ dqklMjRVRDD15isnsnqfJ/e/v3dDoR7pjqHxoB9QwaODzjjxG/Bb8gBAHDMCG5wEIONLXS9 rGAIJgCFLsKJBtyWWwJU1YwPWGv+Obo8EdLj3Z8Lf9WHBUTc63+KTzRR3iLuy7GITE9+mDg /7Q== Received: from slamain ([108.193.254.190]) by smtp.oxsus-vadesecure.net ESMTP oxsus1nmtao01p with ngmta id bdaad2e7-16c5281d85071e20; Wed, 29 Dec 2021 07:09:06 +0000 Date: Tue, 28 Dec 2021 23:01:20 -0800 To: "eCS ISP Mailing List" In-Reply-To: Subject: Re: [eCS-ISP] Apache update needed new CVE's reported. X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v3.00.11.21 BETA/60 Message-ID: In , on 12/29/21 at 03:18 PM, "Paul Smedley" said: Hiya, >Yep - I only really bothered updating the code to avoid any confusion >over the 'downloading large files' bug and which date httpd.dll was in >use. One item in the 2.4.52 changelog that did catch my interest was the mod_md updates. Automated Let's Encrypt certificate updates might be useful. >Absolutely! The only thing I have here using log4j is Openhab and that >has already been patched, plus it isn't directly accessible to the >internet anyway. As I mentioned elsewhere, what I found most interesting about the Log4J vulnerability is that it was not discovered and exploited sooner. Apparently it has existed since 2013. Steven -- ---------------------------------------------------------------------- "Steven Levine" Warp/DIY/BlueLion etc. www.scoug.com www.arcanoae.com www.warpcave.com ----------------------------------------------------------------------