enterprise-support team mailing list archive
-
enterprise-support team
-
Mailing list archive
-
Message #08519
[Bug 1945274] Re: security updates are breaking mod_wsgi apps
Ok so whilst this worked in the past, this was more by chance than by
design since as documented upstream[1]:
If the first argument ends with a trailing /, the second argument
should also end with a trailing /, and vice versa. Otherwise, the
resulting requests to the backend may miss some needed slashes and do
not deliver the expected results.
As such I don't think this should be considered a regression due to the update in apache2 for CVE-2021-36160.
[1] https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypass
** Changed in: apache2 (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1945274
Title:
security updates are breaking mod_wsgi apps
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1945274/+subscriptions
References