Commit Graph

2 Commits

Author SHA256 Message Date
1aaedef3aa Sync changes to SLFO-1.2 branch 2025-08-20 09:03:01 +02:00
e4531db3a3 * Refresh patches:
  - apache-test-application-xml-type.patch
  - apache-test-turn-off-variables-in-ssl-var-lookup.patch
  - apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch
  - apache2-LimitRequestFieldSize-limits-headers.patch
* Update to 2.4.64.
* CVE-2025-53020: Apache HTTP Server: HTTP/2 DoS by Memory Increase
* CVE-2025-49812: Apache HTTP Server: mod_ssl TLS upgrade attack
* CVE-2025-49630: Apache HTTP Server: mod_proxy_http2 denial of service
* CVE-2025-23048: Apache HTTP Server: mod_ssl access control bypass with session resumption
* CVE-2024-47252: Apache HTTP Server: mod_ssl error log variable escaping
* CVE-2024-43394: Apache HTTP Server: SSRF on Windows due to UNC paths
* CVE-2024-43204: Apache HTTP Server: SSRF with mod_headers setting Content-Type header
* CVE-2024-42516: Apache HTTP Server: HTTP response splitting
* mod_proxy_ajp: Use iobuffersize set on worker level for the IO buffer
  size.
* mod_ssl: Drop $SSLKEYLOGFILE handling internally for OpenSSL 3.5
  builds which enable it in libssl natively.
* mod_asis: Fix the log level of the message AH01236.
* mod_session_dbd: ensure format used with SessionDBDCookieName and
  SessionDBDCookieName2 are correct.
* mod_headers: 'RequestHeader set|edit|edit_r Content-Type X' could
  inadvertently modify the Content-Type _response_ header. Applies to
  Content-Type only and likely to only affect static file responses.
* mod_ssl: Remove warning over potential uninitialised value
  for ssl protocol prior to protocol selection.
* mod_proxy: Reuse ProxyRemote connections when possible, like prior
  to 2.4.59.
* mod_systemd: Add systemd socket activation support.
* mod_systemd: Log the SELinux context at startup if available and

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=719
2025-07-18 03:49:15 +00:00