Re: [eCS-ISP] Apache update needed new CVE's reported.
Datum:
Tue, 28 Dec 2021 23:01:20 -0800
Till:
"eCS ISP Mailing List" <ecs-isp@2rosenthals.com>
In <list-2902019@2rosenthals.com>, on 12/29/21
at 03:18 PM, "Paul Smedley" <ecs-isp@2rosenthals.com> said:
Hiya,
>Yep - I only really bothered updating the code to avoid any confusion
>over the 'downloading large files' bug and which date httpd.dll was in
>use.
One item in the 2.4.52 changelog that did catch my interest was the mod_md
updates. Automated Let's Encrypt certificate updates might be useful.
>Absolutely! The only thing I have here using log4j is Openhab and that
>has already been patched, plus it isn't directly accessible to the
>internet anyway.
As I mentioned elsewhere, what I found most interesting about the Log4J
vulnerability is that it was not discovered and exploited sooner.
Apparently it has existed since 2013.
Tillbaks till lista