Author Topic: Update Apache v2.4.41 to latest and stable Apache v2.4.43 for CWP & CWP PRO!  (Read 3349 times)

0 Members and 1 Guest are viewing this topic.

Offline
**
Hi,

First of all i wish to congratulate all the programmers of both CWP (Control Web Panel) and CWP (Control Web Panel) PRO for the excellent work they do and for the excellent product they have created, truly excellent from all points of view.
Congratulations also for the new and beautiful official website of CWP and CWP PRO https://control-webpanel.com/

Having said that, i ask you to consider from your next CWP (Control Web Panel) and CWP (Control Web Panel) PRO release,
updating Apache to the latest version of Apache v2.4.43 which was released on 31 March, 2020 as GA.

This is the official changelog link for Apache v2.4.43: https://www.apachelounge.com/Changelog-2.4.html

31-March-2020 Changes with Apache v2.4.43 - GA

Apache Lounge changes:

- Upgraded OpenSSL to 1.1.1f from 1.1.1e (Changelog)

ASF changes:

- SECURITY: CVE-2020-1934 (cve.mitre.org)
   mod_proxy_ftp: Use of uninitialized value with malicious backend FTP server. [Eric Covener]

- SECURITY: CVE-2020-1927 (cve.mitre.org)
  rewrite, core: Set PCRE_DOTALL flag by default to avoid unpredictable matches and substitutions with encoded line break
  characters.
  The fix for CVE-2019-10098 was not effective.  [Ruediger Pluem]

- mod_ssl: Fix memory leak of OCSP stapling response. [Yann Ylavic]

This is the official announcement link for Apache v2.4.43: https://www.apachelounge.com/viewtopic.php?p=38973

Apache httpd 2.4.43 is released as GA.

ASF and Apachelounge changes : https://www.apachelounge.com/Changelog-2.4.html

Attention for mod_md new features and changes listed at 2.4.42 in the change log (2.4.42 was not released).

Documentation: http://httpd.apache.org/docs/2.4/

Build with dependencies:

- openssl 1.1.1f
- nghttp2 1.40.0
- jansson 2.12
- curl 7.69.1
- apr 1.7.0
- apr-util 1.6.1
- apr-iconv 1.2.2
- zlib 1.2.11
- brotli 1.0.7
- pcre 8.44
- libxml2 2.9.10
- lua 5.2.4
- expat 2.2.9

Why we have a VS16 now
Maybe you noticed that we call Visual Studio C++ 2019 VS16 instead of VC16. In consultation with the PHP team we both now going to use VS16. VS16 is the version number of Visual Studio 2019.

The reason is, that VC15 is already a fictional identity, as the real VC++ version is 14.1, as you know. The new default one is now 14.2 still, not 16. Also, the version numbers move a lot faster now that in versions before VS2015. Thus, it turns out better to refer to the Visual Studio version and it's default toolset, than trying to catch up with the VC++ version which became unpredictable. Back in time, we've started to build with a preview of VS2017, which was indeed VC15, but after the GA release the version has been changed to 14.1, where we didn't catch up.

One Redistributable for VC14, VC15 and VS16
For VC14, VC15 and VS16 there is now only one Redistributable, called Microsoft Visual C++ Redistributable for Visual Studio 2015, 2017 and 2019

When you have already installed the VC14 and/or VC15 Redistributable. Then after install of the new, the Redistributable VC14/15 is updated from 14.0x.xx/14.1x.xx to the new one 14.2x.xx , it is called Microsoft Visual C++ 2015-2019 Redistributable and you can still use VC15/14.

Note from Microsoft: Visual C++ 2015, 2017 and 2019 all share the same redistributable files.
For example, installing the Visual C++ 2015-2019 Redistributable will affect programs built with Visual C++ 2015 and 2017 also. However, installing the Visual C++ 2015 Redistributable will not replace the newer versions of the files installed by the Visual C++ 2015-2019 Redistributable.

This is different from all previous Visual C++ versions, as they each had their own distinct runtime files, not shared with other versions.

VS16, VC14 and VC15 are backward compatible.
VS16 is backward compatible to VC15/14 and VC15 backward to VC14. That means for example, a VC15/14 module can be used inside a VS16 binary (for example PHP VC15/14 as module).

When you have hangs, slow traffic and/or when having in your log entries like Asynchronous AcceptEx failed. You can try the following settings:

AcceptFilter http none
AcceptFilter https none
EnableSendfile off
EnableMMAP off

I know you are always very busy developing CWP but i hope you can consider this suggestion of mine which i believe would be appreciated by all users of CWP (Control Web Panel) and CWP (Control Web Panel) PRO !

Thanks in advance for the support.
« Last Edit: April 10, 2020, 01:26:43 PM by Automata »


« Stay hungry, stay foolish. »