Apache HTTP Server (httpd) 2.2.15 Released

The Apache Software Foundation and the Apache HTTP Server Project are
pleased to announce the release and immediate availability of version
2.2.15 of the Apache HTTP Server ("httpd").  This version of httpd is
principally a security and bug fix release.

Notably, this release was updated to reflect the OpenSSL Project's
release 0.9.8m of the openssl library, and addresses CVE-2009-3555
(cve.mitre.org), the TLS renegotiation prefix injection attack.
This release further addresses the issues CVE-2010-0408, CVE-2010-0425
and CVE-2010-0434 within mod_proxy_ajp, mod_isapi and mod_headers
respectively.

We consider this release to be the best version of httpd available, and
encourage users of all prior versions to upgrade.

Apache HTTP Server 2.2.15 is available for download from:

  http://httpd.apache.org/download.cgi

Please see the CHANGES_2.2 file, linked from the download page, for a
full list of changes.  A condensed list, CHANGES_2.2.15 provides the
complete list of changes since 2.2.14. A summary of security
vulnerabilities which were addressed in the previous 2.2.14 and earlier
releases is available:

  http://httpd.apache.org/security/vulnerabilities_22.html

Apache HTTP Server 2.2.15 is compatible with Apache Portable Runtime
(APR) versions 1.3 and 1.4, APR-util library version 1.3, and
APR-iconv library version 1.2.  The most current releases should