New mod_spdy binary bugfix release (v0.9.4.3) - SECURITY FIX

71 views

Skip to first unread message

Matthew Steele

unread,

Jun 5, 2014, 11:51:42 AM6/5/14

to mod-spdy...@googlegroups.com, spdy...@googlegroups.com

We have just put out a new binary bugfix release of mod_spdy (v0.9.4.3). Binary packages for this release are available for download today from here:

https://developers.google.com/speed/spdy/mod_spdy/

If you've installed one of our previous binary releases (and did not disable auto-update), you should be able to easily upgrade using your package manager (apt or yum).

This update addresses the OpenSSL MITM CCS injection vulnerability (CVE-2014-0224) by upgrading the version of OpenSSL used by mod_spdy, and is *strongly recommended* for all mod_spdy users. All versions of mod_spdy prior to 0.9.4.3 are vulnerable and should be updated immediately. More information at these links:

http://ccsinjection.lepidum.co.jp/

https://www.openssl.org/news/secadv_20140605.txt

PowerKiKi

unread,

Jun 5, 2014, 9:46:00 PM6/5/14

to mod-spdy...@googlegroups.com, spdy...@googlegroups.com

Thanks for this update!

Would you have any news regarding support of Apache 2.4 ? I am pretty sure I saw a version of mod_spdy (fork?) that would support it, but I can't find anymore...

Reply all

Reply to author

Forward

0 new messages