Apache HTTP Server 2.4.67 has been released, addressing critical memory safety vulnerabilities in mod_proxy_ajp and a dangerous double free issue in HTTP/2 that could lead to remote code execution. The update also fixes various security flaws, including authentication bypass gaps, proxy crashes, and response splitting issues, along with updates to submodules like mod_md and mod_http2. Administrators are advised to back up their configurations before upgrading and to verify the new version to ensure system stability and security. Additionally, the release includes compatibility adjustments for older systems and improved support for modern media formats
Apache HTTP Server 2.4.67 released
Apache HTTP Server 2.4.67 drops with urgent patches for critical memory safety flaws in mod_proxy_ajp and a dangerous double free vulnerability in HTTP/2 that could allow remote code execution. The release also closes authentication bypass gaps, fixes proxy crashes, and corrects response splitting issues caused by compromised backend servers. Submodules like mod_md and mod_http2 get updated to resolve certificate renewal bugs and third-party memory allocator conflicts that frequently break custom setups. Administrators should back up their current configurations before upgrading and verify the new version to keep their infrastructure secure and stable.
