The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.4.29 of the Apache HTTP Server ("httpd").
This latest release from the 2.4.x stable branch represents the best available version of Apache HTTP Server.
- mod_unique_id: Use output of the PRNG rather than IP address and pid, avoiding sleep() call and possible DNS issues at startup, plus improving randomness for IPv6-only hosts.
- mod_rewrite, core: Avoid the 'Vary: Host' response header when HTTP_HOST is used in a condition that evaluates to true.
- mod_http2: v0.10.12, removed optimization for mutex handling in bucket beams that could lead to assertion failure in edge cases.
- mod_proxy: Fix regression for non decimal loadfactor parameter introduced in 2.4.28.
- mod_authz_dbd: fix a segmentation fault if AuthzDBDQuery is not set.
- mod_rewrite: Add support for starting External Rewriting Programs as non-root user on UNIX systems by specifying username and group name as third argument of RewriteMap directive.
- core: Rewrite the Content-Length filter to avoid excessive memory consumption. Chunked responses will be generated in more cases than in previous releases.
- mod_ssl: Fix SessionTicket callback return value, which does seem to matter with OpenSSL 1.1.
Recommended action: Install the latest verrsion