I’m not sure if this is what is referred to in the Apache 2.4.29 announcement, but please note that the Apache Portable Runtime v1.6.3 release resolved memory safety issues I found in functions used within HTTP server. This was released in conjunction with 2.4.29. Using HTTP server linked to prior versions of APR exposes the risks outlined in my email sent to this list on Monday. Best Regards, Craig On 10/25/17, 1:05 PM, "Development Manager" <devmanager@xxxxxxxxxxxxxxxxxxxxxx> wrote: The 2.4.29 changes document doesn't reference any CVE articles, though the announcement indicates that this is a security release. Are any of the 2.4.29 changes security related? Thanks, Jim --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx