[users@httpd] RE: [ANNOUNCE] Apache HTTP Server 2.4.29 Released

The 2.4.29 changes document doesn't reference any CVE articles, though the announcement indicates that this is a security release. Are any of the 2.4.29 changes security related? Thanks, Jim - To unsubscribe, e-mail: users-unsu

[users@httpd] Next version of Apache 2.2?

CVE-2016-8743 was patched/mitigated in Apache 2.4 but is still an outstanding issue in 2.2, according to https://security-tracker.debian.org/tracker/CVE-2016-8743. Is there a plan to rebase it to 2.2? If so, do you know when? The reason I ask is PCI DSS requires that we have all vulnerabilities