One of the PCI scanning companies is demanding an upgrade to 2.4.2 due to the issues described in this CVE:

Changes with Apache 2.2.23

  *) SECURITY: CVE-2012-0883 (cve.mitre.org)
     envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
     current working directory to be searched for DSOs. [Stefan Fritsch]

Is there any idea when 2.2.23 will be released? I'd rather not upgrade to 2.4.2.

Apologies if this is the wrong list for this.

Best,
Luke Lozier
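
Added example, not part of the original message and not Apache's own envvars script: a shell check for the condition the changelog entry describes, an empty element in LD_LIBRARY_PATH, shown next to a prepend that avoids creating one. It assumes the weak pattern is an unconditional `dir:$LD_LIBRARY_PATH` prepend; the function names and the sample directory are constructed.

```shell
#!/bin/sh
# Added example. Function names and the sample directory are constructed.

# Return 0 if a colon-separated search path contains an empty element
# (leading colon, trailing colon, or "::"). The dynamic linker reads an
# empty element as the current working directory.
has_empty_element() {
    case "$1" in
        "")          return 1 ;;  # empty variable: no search path set at all
        :*|*:|*::*)  return 0 ;;
        *)           return 1 ;;
    esac
}

# Weak pattern (assumed): always appends ":<old value>", so an empty or
# unset old value leaves a trailing colon behind.
prepend_weak() {
    printf '%s\n' "$1:$2"
}

# Hardened pattern: only add the separator when there is an old value.
prepend_safe() {
    if [ -n "$2" ]; then
        printf '%s\n' "$1:$2"
    else
        printf '%s\n' "$1"
    fi
}

SAMPLE_LIBDIR=/usr/local/apache2/lib   # constructed sample path

# Audit the environment this script was started with.
if has_empty_element "${LD_LIBRARY_PATH-}"; then
    echo "WARNING: LD_LIBRARY_PATH has an empty element: '${LD_LIBRARY_PATH}'"
fi

# Show what each pattern produces when the variable starts out empty.
for fn in prepend_weak prepend_safe; do
    result=$($fn "$SAMPLE_LIBDIR" "")
    if has_empty_element "$result"; then
        echo "$fn -> '$result' (searches current directory)"
    else
        echo "$fn -> '$result' (ok)"
    fi
done
```

The same `has_empty_element` check can be pointed at the value a service's startup script exports to confirm whether an installed build is affected by this pattern.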