mod_ratelimit is broken in 2.4.38

To: debian-apache@lists.debian.org
Subject: mod_ratelimit is broken in 2.4.38
From: Jean Weisbuch <jean@phpnet.org>
Date: Thu, 22 Aug 2019 12:51:36 +0200
Message-id: <[🔎] 7fee8451-65fb-eb5f-e042-73c435e057b4@phpnet.org>

Hello,

mod_ratelimit has a bug in 2.4.38 that breaks HEAD requests by returningan empty response (for example, browsers that sends requests to checkthe ETAG for a file it has in its cache will have an empty response andshow an error page and load balancers will return a 502 error code).

The error makes mod_ratelimit unusable on the current version of HTTD onDebian Buster, it has been fixed on 2.4.39 ; is it possible to backportthe fix or is there any plan to upgrade to 2.4.39+ on buster?

Original upstream bug report :https://bz.apache.org/bugzilla/show_bug.cgi?id=63192Fix for this bug :https://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/http_filters.c?r1=1837130&r2=1854004&pathrev=1854004&diff_format=h



Thanks in advance.

Reply to:

Prev by Date: [bts-link] source package apr
Next by Date: Bug#910368: apache2: Apache does not start reliably after reboot
Previous by thread: [bts-link] source package apr
Next by thread: Bug#910368: apache2: Apache does not start reliably after reboot
Index(es):
- Date
- Thread