Release Notes - Apache HTTP Server 2.2


Overview - Apache HTTP Server 2.2 (CentOS 6 only)

This Release Note covers all point releases for Apache HTTP Server 2.2 that are offered by eApps. Upgrade instructions are included.

NOTE - eApps maintains Apache HTTP Server 2.2 for CentOS 6 OS Templates. We recommend using CentOS 7 OS Templates for Apache HTTP Server 2.4. Maintenance of Apache HTTP Server 2.4 is performed by the CentOS community. If you are using a CentOS 6 OS Template and wish to move to a CentOS 7 OS Template, please contact eApps Sales.

WARNING - Apache HTTP Server 2.2 is a major release of the Apache HTTP Server. This release has introduced new functionality and significant changes to the existing Apache HTTP Server. If you are upgrading from any prior version of the Apache HTTP Server to Apache HTTP Server 2.2, there is a HIGH RISK of data loss and downtime if you do not carefully test your existing application with this new version.

eApps recommends, as a best practice, maintaining a staging server where you can test software upgrades before moving them into production. This approach allows you to minimize the risk of data loss and downtime of your production service when performing software upgrades. If necessary, you can rebuild your staging Virtual Server on demand so that you have a fresh installation to test on. If you need more information about setting up a Virtual Server for staging or testing, please contact eApps Sales.

IMPORTANT: Apache HTTP Server 2.2 has an extensive list of new features and changes. See the Official Apache HTTP Server 2.2 New Features documentation for a list of changes that may cause issues when upgrading: http://httpd.apache.org/docs/2.2/new_features_2_2.html. Please read this document carefully to understand all the changes in the Apache HTTP Server 2.2 release. Upgrading to this version may significantly impact the operation of your website. All Apache HTTP Server 2.2 documentation is located here: http://httpd.apache.org/docs/2.2/

eApps Release Notes for Apache HTTP Server 2.2.31
eApps Release Notes for Apache HTTP Server 2.2.29
eApps Release Notes for Apache HTTP Server 2.2.27
eApps Release Notes for Apache HTTP Server 2.2.26

How to Upgrade
Apache HTTP Server 2.2.x to Apache HTTP Server 2.2.y (newer version)


Highlighted Features and Fixes in Apache HTTP Server 2.2.31

Features

  • mod_ssl has improvements for PCI compliance using DH and ECDH keys with custom parameters in the SSLCertificateFile. Several other mod_ssl changes have been implemented; please see the Release Notes for more information (look for mod_ssl in the Changes with Apache 2.2.30 (not released) section).

Fixes

  • Fixes CVE-2015-3183, an issue with chunk header parsing
  • SSLCipherSuite and SSLProxyCipherSuite now exclude RC4 as well as MD5, per RFC 7525

The official Release Notes for Apache HTTP Server 2.2.31 are available here - http://www.apache.org/dist/httpd/CHANGES_2.2.31


Highlighted Features and Fixes in Apache HTTP Server 2.2.29

Features

Apache HTTP Server 2.2.29 is a bug fix and security release; no new features have been added.

Fixes

  • Fixes CVE-2014-0118, an issue in mod_deflate where highly compressed bodies could be used for a DoS attack
  • Fixes CVE-2014-0226, where a race condition in scoreboard handling could lead to a buffer overflow
  • Fixes CVE-2014-0231, an issue with mod_cgid that could allow a DoS attack

The official Release Notes for Apache HTTP 2.2.29 are no longer directly available. You will need to view the entire ChangeLog for the 2.2 release and scroll down to find the 2.2.29 specific notes - http://www.apache.org/dist/httpd/CHANGES_2.2


Highlighted Features and Fixes in Apache HTTP Server 2.2.27

Features

Apache HTTP Server 2.2.27 is a bug fix release; no new features have been added.

Fixes

  • Fixes CVE-2014-0098, an issue where a truncated cookie could cause a segfault
  • Fixes CVE-2013-6438, where a potential DoS attack could be created by using a specific DAV WRITE request

The official Release Notes for Apache HTTP 2.2.27 are no longer directly available. You will need to view the entire ChangeLog for the 2.2 release and scroll down to find the 2.2.27 specific notes - http://www.apache.org/dist/httpd/CHANGES_2.2


Highlighted Features and Fixes in Apache HTTP Server 2.2.26

Features

Apache HTTP Server 2.2.26 is a bug fix release; no new features have been added.

The official Release Notes for Apache HTTP 2.2.26 are no longer directly available. You will need to view the entire ChangeLog for the 2.2 release and scroll down to find the 2.2.26 specific notes - http://www.apache.org/dist/httpd/CHANGES_2.2


How to upgrade

It is your responsibility to ensure that your website will work on the newer version of the Apache HTTP Server. There may be incompatibilities that will affect how your website works. Please make sure that you have read the official Release Notes and Changelog, and have done any necessary testing before upgrading a production application.

You should also make a backup of your website, your application, your configuration, and any tunings or changes you have made. If you do not have current backups and something goes wrong during the upgrade process, you could have data loss.

To upgrade Apache HTTP Server, you will need to work from the command line using SSH, and you will need to be able to work as the root user. You will need to use yum to upgrade the application.

Apache HTTP Server 2.2.x to Apache HTTP Server 2.2.y (newer version)

Once you are connected to the Virtual Server, you will need to run the following commands as the root user: yum clean all and yum -y update httpd

The first command clears the yum cache, and the second command downloads and installs the update to the Apache HTTP Server.

[root@eapps-example ~]# yum clean all
[root@eapps-example ~]# yum -y update httpd

You will know that the Apache HTTP Server is installed when you see a Complete! message and you are returned to the command prompt. At this point Apache has been updated.
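A post-upgrade check, added here as an example (not eApps or Apache code): it reads the `httpd -v` banner and lists which of the fixes highlighted in these release notes the installed 2.2.x build predates. The function names are hypothetical, and the check assumes the package version tracks the upstream point release, which does not hold for distribution packages that backport fixes without changing the version.

```shell
#!/bin/sh
# Added example: report which fixes listed in these release notes a given
# httpd 2.2.x build predates. Only the CVEs highlighted on this page are covered.

# Extract "2.2.NN" from a `httpd -v` banner such as
# "Server version: Apache/2.2.27 (Unix)". Prints nothing for non-2.2 builds.
httpd_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*Apache/\(2\.2\.[0-9][0-9]*\).*|\1|p' | head -n 1
}

# Print one line per fix from this page released after version $1 (2.2.NN).
# Returns 2 if $1 is not a 2.2.x version string.
missing_fixes() {
    patch=${1#2.2.}
    case $patch in
        ''|*[!0-9]*) echo "not a 2.2.x version: $1" >&2; return 2 ;;
    esac
    while IFS='|' read -r fixed_in id; do
        if [ "$patch" -lt "$fixed_in" ]; then
            echo "$id (fixed in 2.2.$fixed_in)"
        fi
    done <<'EOF'
27|CVE-2014-0098
27|CVE-2013-6438
29|CVE-2014-0118
29|CVE-2014-0226
29|CVE-2014-0231
31|CVE-2015-3183
EOF
    return 0
}

# When httpd is on PATH, check this host (for example after the yum update).
if command -v httpd >/dev/null 2>&1; then
    v=$(httpd_version "$(httpd -v 2>/dev/null)")
    if [ -n "$v" ]; then
        echo "installed: $v"
        missing_fixes "$v"
    fi
fi
```

No output after the `installed:` line means the build is at or past 2.2.31, the newest release covered on this page.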

