publishing release httpd-2.4.66

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1930252 13f79535-47bb-0310-9956-ffa450edef68

Author: covener

CHANGES

@@ -1,6 +1,48 @@
                                                          -*- coding: utf-8 -*-
+Changes with Apache 2.4.67
+
 Changes with Apache 2.4.66
 
+  *) SECURITY: CVE-2025-66200: Apache HTTP Server: mod_userdir+suexec
+     bypass via AllowOverride FileInfo (cve.mitre.org)
+     mod_userdir+suexec bypass via AllowOverride FileInfo
+     vulnerability in Apache HTTP Server. Users with access to use
+     the RequestHeader directive in htaccess can cause some CGI
+     scripts to run under an unexpected userid.
+     Credits: Mattias Åsander (Umeå University)
+
+  *) SECURITY: CVE-2025-65082: Apache HTTP Server: CGI environment
+     variable override (cve.mitre.org)
+     Improper Neutralization of Escape, Meta, or Control Sequences
+     vulnerability in Apache HTTP Server through environment
+     variables set via the Apache configuration unexpectedly
+     superseding variables calculated by the server for CGI programs.
+     Credits: Mattias Åsander (Umeå University)
+
+  *) SECURITY: CVE-2025-59775: Apache HTTP Server: NTLM Leakage on
+     Windows through UNC SSRF (cve.mitre.org)
+     Server-Side Request Forgery (SSRF) vulnerability
+     in Apache HTTP Server on Windows with AllowEncodedSlashes On and
+     MergeSlashes Off allows to potentially leak NTLM hashes to a malicious 
+     server via SSRF and malicious requests or content
+     Credits: Orange Tsai (@orange_8361) from DEVCORE
+
+  *) SECURITY: CVE-2025-58098: Apache HTTP Server: Server Side
+     Includes adds query string to #exec cmd=... (cve.mitre.org)
+     Apache HTTP Server 2.4.65 and earlier with Server Side Includes
+     (SSI) enabled and mod_cgid (but not mod_cgi) passes the
+     shell-escaped query string to #exec cmd="..." directives.
+     Credits: Anthony Parfenov (United Rentals, Inc.)
+
+  *) SECURITY: CVE-2025-55753: Apache HTTP Server: mod_md (ACME),
+     unintended retry intervals (cve.mitre.org)
+     An integer overflow in the case of failed ACME certificate
+     renewal leads, after a number of failures (~30 days in default
+     configurations), to the backoff timer becoming 0. Attempts to
+     renew the certificate then are repeated without delays until it
+     succeeds.
+     Credits: Aisle Research
+
   *) mod_http2: Fix handling of 304 responses from mod_cache. PR 69580.
      [Stefan Eissing]
 

STATUS

@@ -29,7 +29,8 @@ Release history:
     [NOTE that x.{odd}.z versions are strictly Alpha/Beta releases,
           while x.{even}.z versions are Stable/GA releases.]
 
-    2.4.66  : In development
+    2.4.67  : In development
+    2.4.66  : Released on December 04, 2025
     2.4.65  : Released on July 23, 2025
     2.4.64  : Released on July 10, 2025
     2.4.63  : Released on January 23, 2025

docs/manual/bind.html.de

@@ -14,7 +14,7 @@
 <script src="./style/scripts/prettify.min.js" type="text/javascript">
 </script>
 
-<link href="./images/favicon.ico" rel="shortcut icon" /></head>
+<link href="./images/favicon.png" rel="shortcut icon" /></head>
 <body id="manual-page"><div id="page-header">
 <p class="menu"><a href="./mod/">Module</a> | <a href="./mod/directives.html">Direktiven</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">Glossar</a> | <a href="./sitemap.html">Seitenindex</a></p>
 <p class="apache">Apache HTTP Server Version 2.4</p>

docs/manual/bind.html.ja.utf8

@@ -14,7 +14,7 @@
 <script src="./style/scripts/prettify.min.js" type="text/javascript">
 </script>
 
-<link href="./images/favicon.ico" rel="shortcut icon" /></head>
+<link href="./images/favicon.png" rel="shortcut icon" /></head>
 <body id="manual-page"><div id="page-header">
 <p class="menu"><a href="./mod/">モジュール</a> | <a href="./mod/directives.html">ディレクティブ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">用語</a> | <a href="./sitemap.html">サイトマップ</a></p>
 <p class="apache">Apache HTTP サーバ バージョン 2.4</p>

docs/manual/bind.html.ko.euc-kr

@@ -14,7 +14,7 @@
 <script src="./style/scripts/prettify.min.js" type="text/javascript">
 </script>
 
-<link href="./images/favicon.ico" rel="shortcut icon" /></head>
+<link href="./images/favicon.png" rel="shortcut icon" /></head>
 <body id="manual-page"><div id="page-header">
 <p class="menu"><a href="./mod/">모듈</a> | <a href="./mod/directives.html">지시어들</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">용어</a> | <a href="./sitemap.html">사이트맵</a></p>
 <p class="apache">Apache HTTP Server Version 2.4</p>

docs/manual/bind.html.tr.utf8

@@ -14,7 +14,7 @@
 <script src="./style/scripts/prettify.min.js" type="text/javascript">
 </script>
 
-<link href="./images/favicon.ico" rel="shortcut icon" /></head>
+<link href="./images/favicon.png" rel="shortcut icon" /></head>
 <body id="manual-page"><div id="page-header">
 <p class="menu"><a href="./mod/">Modüller</a> | <a href="./mod/directives.html">Yönergeler</a> | <a href="http://wiki.apache.org/httpd/FAQ">SSS</a> | <a href="./glossary.html">Terimler</a> | <a href="./sitemap.html">Site Haritası</a></p>
 <p class="apache">Apache HTTP Sunucusu Sürüm 2.4</p>

docs/manual/caching.html.tr.utf8

@@ -14,7 +14,7 @@
 <script src="./style/scripts/prettify.min.js" type="text/javascript">
 </script>
 
-<link href="./images/favicon.ico" rel="shortcut icon" /></head>
+<link href="./images/favicon.png" rel="shortcut icon" /></head>
 <body id="manual-page"><div id="page-header">
 <p class="menu"><a href="./mod/">Modüller</a> | <a href="./mod/directives.html">Yönergeler</a> | <a href="http://wiki.apache.org/httpd/FAQ">SSS</a> | <a href="./glossary.html">Terimler</a> | <a href="./sitemap.html">Site Haritası</a></p>
 <p class="apache">Apache HTTP Sunucusu Sürüm 2.4</p>

docs/manual/configuring.html.de

@@ -14,7 +14,7 @@
 <script src="./style/scripts/prettify.min.js" type="text/javascript">
 </script>
 
-<link href="./images/favicon.ico" rel="shortcut icon" /></head>
+<link href="./images/favicon.png" rel="shortcut icon" /></head>
 <body id="manual-page"><div id="page-header">
 <p class="menu"><a href="./mod/">Module</a> | <a href="./mod/directives.html">Direktiven</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">Glossar</a> | <a href="./sitemap.html">Seitenindex</a></p>
 <p class="apache">Apache HTTP Server Version 2.4</p>

docs/manual/configuring.html.ja.utf8

@@ -14,7 +14,7 @@
 <script src="./style/scripts/prettify.min.js" type="text/javascript">
 </script>
 
-<link href="./images/favicon.ico" rel="shortcut icon" /></head>
+<link href="./images/favicon.png" rel="shortcut icon" /></head>
 <body id="manual-page"><div id="page-header">
 <p class="menu"><a href="./mod/">モジュール</a> | <a href="./mod/directives.html">ディレクティブ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">用語</a> | <a href="./sitemap.html">サイトマップ</a></p>
 <p class="apache">Apache HTTP サーバ バージョン 2.4</p>

docs/manual/configuring.html.ko.euc-kr

@@ -14,7 +14,7 @@
 <script src="./style/scripts/prettify.min.js" type="text/javascript">
 </script>
 
-<link href="./images/favicon.ico" rel="shortcut icon" /></head>
+<link href="./images/favicon.png" rel="shortcut icon" /></head>
 <body id="manual-page"><div id="page-header">
 <p class="menu"><a href="./mod/">모듈</a> | <a href="./mod/directives.html">지시어들</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">용어</a> | <a href="./sitemap.html">사이트맵</a></p>
 <p class="apache">Apache HTTP Server Version 2.4</p>