Moderators Josh Levitsky Posted January 30, 2023 Moderators Share Posted January 30, 2023 As you may be aware, Apache recently released version 2.4.55 to address three vulnerabilities (https://httpd.apache.org/security/vulnerabilities_24.html). Our development team has reviewed all three (CVE-2006-20001/CVE-2022-36760/CVE-2022-37436) and found that FileWave is not vulnerable to any of them. Two of the modules are not used and the third module exploit is not relevant for our implementation. We plan to incorporate Apache version 2.4.55 or later in the next possible release, however, due to FileWave 14.10.0 currently going through QA, we have determined that it is not necessary to derail its release for a vulnerability that cannot be executed. If Apache releases further information about this or any additional vulnerabilities, we will continue to evaluate our position. Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now