[Info-vax] Apache log rotation
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Sun Aug 12 06:46:17 EDT 2012
On 2012-08-12, Paul Sture <paul.nospam at sture.ch> wrote:
> On Sat, 11 Aug 2012 12:31:48 -0500, Craig A. Berry wrote:
>
>> In article <k05jsh$cdd$1 at dont-email.me>,
>> Stephen Hoffman <seaohveh at hoffmanlabs.invalid> wrote:
>>
>>> FWIW, the VMS Apache V2.2 port is 2.0.63, and that's two major releases
>>> behind current Apache (2.4.2), so I wouldn't assume what source code
>>> and icons is included in the VMS port aligns with current Apache
>>> reality. Yes, the newest Apache 2.0.x version is 2.0.64; we might see
>>> that one.
>>
>> And as far as I can tell SWS still has no patch for the killapache.pl
>> exploit, which has its one-year anniversary in the next week or two.
>
> Going further back there was a documented problem with flushing the
> logfile. It was stated at the time that this would be "fixed in a future
> release" but I heard nothing more on the subject.
>
Security issues remaining unfixed for over a year in VMS Apache is a
common problem.
At the time of the last Apache patch release, I noticed that a number
of the security issues fixed had been discovered well over a year prior
to the patch release and the odd one was several years old.
I'm seriously glad I moved off VMS Apache to Linux Apache many years ago.
For website applications, VMS (when in use) is now just a data backend to
various web front ends with data been served over a local LAN.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
More information about the Info-vax
mailing list