Code Changes for Apache Server Upgrade

IT_Guy

6/1/24, 9:37 AM

The security team found a loophole in Apache version 2.4.23 so we need to upgrade Apache to version at least 2.4.56 or later. However, the developers told me it required a lot of code changes (around 60% of the entire codebase). Is this true?

1 + 4

php

apache-2.4

vidarlo

6/1/24, 9:49 AM

How can we know if it's true?

HBruijn

6/1/24, 10:02 AM

A bit of an old answer of mine here https://serverfault.com/a/737872/37681 - and only tangentially related your question, which is very short in details so I might be barking up the wrong tree but: finding a specific version string does not equate to your system being vulnerable to every and all bugs published for that version, as long as you're running an supported (enterprise/LTS) distribution that backports security updates.

Romeo Ninov

6/1/24, 10:10 AM

This (code change) look VERY unrealistic for me. I will be surprised if more than 10 lines of code need to be changed. Do the test, install on test machine new version and app and make QA to test the app.

symcbean

6/1/24, 10:35 AM

If we are talking about PHP code, then, unless the PHP code is actually parsing or generating the Apache configs there should be ZERO impact. But as it stands the question is MUCH TOO vague to answer. voting to close.

Score:1

Server

Gerald Schneider

6/1/24, 10:03 AM

As long as Apache is installed via system packages and the system is not yet end of life security patches are backported by the package maintainers to older versions.

Check the changelog of the Apache package, chances are high that your Apache is already patched, as long as security updates are installed when they become available.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Code Changes for Apache Server Upgrade

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.