Activity log for bug #1529355

Date Who What changed Old value New value Message
2015-12-26 08:17:00 Hikari Kobayashi bug added bug
2016-01-30 05:40:26 Hikari Kobayashi bug watch added https://bz.apache.org/bugzilla/show_bug.cgi?id=56870
2016-01-30 05:40:48 Hikari Kobayashi description Recently I updated my server from Ubuntu 12.03 LTS to Ubuntu14.03 LTS, And I found the problem of Apache 2.4.7. It is thought that Apache2.4.7 doesn't include authzprovideralias-defined authz provider. So I can't set the systemuser's account to belong to Multiple organizations. Since Apacahe2.4.11 includes authzprovideralias-defined authz provider, I want you to make the same correspondence to Apache2.4.7. Recently I updated my server from Ubuntu 12.03 LTS to Ubuntu14.03 LTS, And I found the problem of Apache 2.4.7. It is thought that Apache2.4.7 doesn't include authzprovideralias-defined authz provider. So I can't set the systemuser's account to belong to Multiple organizations. Since Apacahe2.4.11 includes authzprovideralias-defined authz provider, I want you to make the same correspondence to Apache2.4.7. Please put in this patch, right now! https://bz.apache.org/bugzilla/show_bug.cgi?id=56870
2016-03-31 11:49:15 Christian Ehrhardt  tags regression-release trusty
2016-03-31 11:49:21 Christian Ehrhardt  apache2 (Ubuntu): status New Triaged
2016-03-31 11:49:30 Christian Ehrhardt  apache2 (Ubuntu): importance Undecided High
2017-01-23 22:40:04 Joshua Powers bug added subscriber Ubuntu Server Team
2018-05-21 11:39:52 farhan saleh robleh apache2 (Ubuntu): assignee farhan saleh robleh (farhn)
2018-05-21 11:40:00 farhan saleh robleh apache2 (Ubuntu): status Triaged Confirmed
2018-05-23 19:52:36 Colin Watson apache2 (Ubuntu): assignee farhan saleh robleh (farhn)
2018-05-23 19:52:38 Colin Watson apache2 (Ubuntu): status Confirmed Triaged
2018-11-23 20:09:20 Andreas Hasenack apache2 (Ubuntu): status Triaged In Progress
2018-11-23 20:09:23 Andreas Hasenack apache2 (Ubuntu): assignee Andreas Hasenack (ahasenack)
2018-11-24 16:28:31 Andreas Hasenack description Recently I updated my server from Ubuntu 12.03 LTS to Ubuntu14.03 LTS, And I found the problem of Apache 2.4.7. It is thought that Apache2.4.7 doesn't include authzprovideralias-defined authz provider. So I can't set the systemuser's account to belong to Multiple organizations. Since Apacahe2.4.11 includes authzprovideralias-defined authz provider, I want you to make the same correspondence to Apache2.4.7. Please put in this patch, right now! https://bz.apache.org/bugzilla/show_bug.cgi?id=56870 [Impact] * An explanation of the effects of the bug on users and * justification for backporting the fix to the stable release. * In addition, it is helpful, but not required, to include an explanation of how the upload fixes this bug. [Test Case] * detailed instructions how to reproduce the bug * these should allow someone who is not familiar with the affected package to reproduce the bug and verify that the updated package fixes the problem. [Regression Potential] * discussion of how regressions are most likely to manifest as a result of this change. * It is assumed that any SRU candidate patch is well-tested before upload and has a low overall risk of regression, but it's important to make the effort to think about what ''could'' happen in the event of a regression. * This both shows the SRU team that the risks have been considered, and provides guidance to testers in regression-testing the SRU. [Other Info] * Anything else you think is useful to include * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board * and address these questions in advance [Original Description] Recently I updated my server from Ubuntu 12.03 LTS to Ubuntu14.03 LTS, And I found the problem of Apache 2.4.7. It is thought that Apache2.4.7 doesn't include authzprovideralias-defined authz provider. So I can't set the systemuser's account to belong to Multiple organizations. Since Apacahe2.4.11 includes authzprovideralias-defined authz provider, I want you to make the same correspondence to Apache2.4.7. Please put in this patch, right now! https://bz.apache.org/bugzilla/show_bug.cgi?id=56870
2018-11-24 16:52:30 Andreas Hasenack description [Impact] * An explanation of the effects of the bug on users and * justification for backporting the fix to the stable release. * In addition, it is helpful, but not required, to include an explanation of how the upload fixes this bug. [Test Case] * detailed instructions how to reproduce the bug * these should allow someone who is not familiar with the affected package to reproduce the bug and verify that the updated package fixes the problem. [Regression Potential] * discussion of how regressions are most likely to manifest as a result of this change. * It is assumed that any SRU candidate patch is well-tested before upload and has a low overall risk of regression, but it's important to make the effort to think about what ''could'' happen in the event of a regression. * This both shows the SRU team that the risks have been considered, and provides guidance to testers in regression-testing the SRU. [Other Info] * Anything else you think is useful to include * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board * and address these questions in advance [Original Description] Recently I updated my server from Ubuntu 12.03 LTS to Ubuntu14.03 LTS, And I found the problem of Apache 2.4.7. It is thought that Apache2.4.7 doesn't include authzprovideralias-defined authz provider. So I can't set the systemuser's account to belong to Multiple organizations. Since Apacahe2.4.11 includes authzprovideralias-defined authz provider, I want you to make the same correspondence to Apache2.4.7. Please put in this patch, right now! https://bz.apache.org/bugzilla/show_bug.cgi?id=56870 [Impact] AuthzProviderAlias are invisible to the authz provider inside a virtualhost stanza. This is a regression from hardy.  * An explanation of the effects of the bug on users and  * justification for backporting the fix to the stable release.  * In addition, it is helpful, but not required, to include an    explanation of how the upload fixes this bug. [Test Case] On trusty: # install apache sudo apt update sudo apt install apache2 -y # Add this block to /etc/apache2/sites-enabled/000-default.conf between the VirtualHost lines: <Directory "/var/www/html"> <RequireAll> Require not blacklisted-ips Require all granted </RequireAll> </Directory> # create the file /etc/apache2/conf-enabled/authz.conf with this content: <AuthzProviderAlias ip blacklisted-ips "127.0.0.1"> </AuthzProviderAlias> # restart apache2: sudo service apache2 restart # access localhost, which should work just fine wget localhost -O /dev/null # observe that /var/log/apache2/error.log contains a message like this: AH02305: no alias provider found for 'blacklisted-ips' (BUG?) # /var/log/apache2/access.log shows a normal GET request for /, which was allowed: "GET / HTTP/1.1" 200 11820 "-" "Wget/1.15 (linux-gnu)" That, and the successful request, indicate the bug. With an updated apache2 package, the following happens: - /var/log/apache2/error.log no longer contains a line questioning "blacklisted-ips", but instead logs a 403 status: [client 127.0.0.1:53478] AH01630: client denied by server configuration: /var/www/html/ - same for /var/log/apache2/access.log, showing a 403 being returned to the client: "GET / HTTP/1.1" 403 492 "-" "Wget/1.15 (linux-gnu)" - and wget fails: $ wget localhost --2018-11-24 16:50:28-- http://localhost/ Resolving localhost (localhost)... 127.0.0.1 Connecting to localhost (localhost)|127.0.0.1|:80... connected. HTTP request sent, awaiting response... 403 Forbidden 2018-11-24 16:50:28 ERROR 403: Forbidden. [Regression Potential]  * discussion of how regressions are most likely to manifest as a result of this change.  * It is assumed that any SRU candidate patch is well-tested before    upload and has a low overall risk of regression, but it's important    to make the effort to think about what ''could'' happen in the    event of a regression.  * This both shows the SRU team that the risks have been considered,    and provides guidance to testers in regression-testing the SRU. [Other Info]  * Anything else you think is useful to include  * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board  * and address these questions in advance [Original Description] Recently I updated my server from Ubuntu 12.03 LTS to Ubuntu14.03 LTS, And I found the problem of Apache 2.4.7. It is thought that Apache2.4.7 doesn't include authzprovideralias-defined authz provider. So I can't set the systemuser's account to belong to Multiple organizations. Since Apacahe2.4.11 includes authzprovideralias-defined authz provider, I want you to make the same correspondence to Apache2.4.7. Please put in this patch, right now! https://bz.apache.org/bugzilla/show_bug.cgi?id=56870
2018-11-24 16:54:00 Andreas Hasenack description [Impact] AuthzProviderAlias are invisible to the authz provider inside a virtualhost stanza. This is a regression from hardy.  * An explanation of the effects of the bug on users and  * justification for backporting the fix to the stable release.  * In addition, it is helpful, but not required, to include an    explanation of how the upload fixes this bug. [Test Case] On trusty: # install apache sudo apt update sudo apt install apache2 -y # Add this block to /etc/apache2/sites-enabled/000-default.conf between the VirtualHost lines: <Directory "/var/www/html"> <RequireAll> Require not blacklisted-ips Require all granted </RequireAll> </Directory> # create the file /etc/apache2/conf-enabled/authz.conf with this content: <AuthzProviderAlias ip blacklisted-ips "127.0.0.1"> </AuthzProviderAlias> # restart apache2: sudo service apache2 restart # access localhost, which should work just fine wget localhost -O /dev/null # observe that /var/log/apache2/error.log contains a message like this: AH02305: no alias provider found for 'blacklisted-ips' (BUG?) # /var/log/apache2/access.log shows a normal GET request for /, which was allowed: "GET / HTTP/1.1" 200 11820 "-" "Wget/1.15 (linux-gnu)" That, and the successful request, indicate the bug. With an updated apache2 package, the following happens: - /var/log/apache2/error.log no longer contains a line questioning "blacklisted-ips", but instead logs a 403 status: [client 127.0.0.1:53478] AH01630: client denied by server configuration: /var/www/html/ - same for /var/log/apache2/access.log, showing a 403 being returned to the client: "GET / HTTP/1.1" 403 492 "-" "Wget/1.15 (linux-gnu)" - and wget fails: $ wget localhost --2018-11-24 16:50:28-- http://localhost/ Resolving localhost (localhost)... 127.0.0.1 Connecting to localhost (localhost)|127.0.0.1|:80... connected. HTTP request sent, awaiting response... 403 Forbidden 2018-11-24 16:50:28 ERROR 403: Forbidden. [Regression Potential]  * discussion of how regressions are most likely to manifest as a result of this change.  * It is assumed that any SRU candidate patch is well-tested before    upload and has a low overall risk of regression, but it's important    to make the effort to think about what ''could'' happen in the    event of a regression.  * This both shows the SRU team that the risks have been considered,    and provides guidance to testers in regression-testing the SRU. [Other Info]  * Anything else you think is useful to include  * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board  * and address these questions in advance [Original Description] Recently I updated my server from Ubuntu 12.03 LTS to Ubuntu14.03 LTS, And I found the problem of Apache 2.4.7. It is thought that Apache2.4.7 doesn't include authzprovideralias-defined authz provider. So I can't set the systemuser's account to belong to Multiple organizations. Since Apacahe2.4.11 includes authzprovideralias-defined authz provider, I want you to make the same correspondence to Apache2.4.7. Please put in this patch, right now! https://bz.apache.org/bugzilla/show_bug.cgi?id=56870 [Impact] AuthzProviderAlias are invisible to the authz provider inside a virtualhost stanza. This is a regression from hardy. Sites affected by this bug might be leaking pages that were denied previously, because access is just granted. [Test Case] On trusty: # install apache sudo apt update sudo apt install apache2 -y # Add this block to /etc/apache2/sites-enabled/000-default.conf between the VirtualHost lines:         <Directory "/var/www/html">              <RequireAll>                  Require not blacklisted-ips                  Require all granted              </RequireAll>         </Directory> # create the file /etc/apache2/conf-enabled/authz.conf with this content: <AuthzProviderAlias ip blacklisted-ips "127.0.0.1"> </AuthzProviderAlias> # restart apache2: sudo service apache2 restart # access localhost, which should work just fine wget localhost -O /dev/null # observe that /var/log/apache2/error.log contains a message like this: AH02305: no alias provider found for 'blacklisted-ips' (BUG?) # /var/log/apache2/access.log shows a normal GET request for /, which was allowed: "GET / HTTP/1.1" 200 11820 "-" "Wget/1.15 (linux-gnu)" That, and the successful request, indicate the bug. With an updated apache2 package, the following happens: - /var/log/apache2/error.log no longer contains a line questioning "blacklisted-ips", but instead logs a 403 status: [client 127.0.0.1:53478] AH01630: client denied by server configuration: /var/www/html/ - same for /var/log/apache2/access.log, showing a 403 being returned to the client: "GET / HTTP/1.1" 403 492 "-" "Wget/1.15 (linux-gnu)" - and wget fails: $ wget localhost --2018-11-24 16:50:28-- http://localhost/ Resolving localhost (localhost)... 127.0.0.1 Connecting to localhost (localhost)|127.0.0.1|:80... connected. HTTP request sent, awaiting response... 403 Forbidden 2018-11-24 16:50:28 ERROR 403: Forbidden. [Regression Potential]  * discussion of how regressions are most likely to manifest as a result of this change.  * It is assumed that any SRU candidate patch is well-tested before    upload and has a low overall risk of regression, but it's important    to make the effort to think about what ''could'' happen in the    event of a regression.  * This both shows the SRU team that the risks have been considered,    and provides guidance to testers in regression-testing the SRU. [Other Info]  * Anything else you think is useful to include  * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board  * and address these questions in advance [Original Description] Recently I updated my server from Ubuntu 12.03 LTS to Ubuntu14.03 LTS, And I found the problem of Apache 2.4.7. It is thought that Apache2.4.7 doesn't include authzprovideralias-defined authz provider. So I can't set the systemuser's account to belong to Multiple organizations. Since Apacahe2.4.11 includes authzprovideralias-defined authz provider, I want you to make the same correspondence to Apache2.4.7. Please put in this patch, right now! https://bz.apache.org/bugzilla/show_bug.cgi?id=56870
2018-11-24 17:12:44 Andreas Hasenack description [Impact] AuthzProviderAlias are invisible to the authz provider inside a virtualhost stanza. This is a regression from hardy. Sites affected by this bug might be leaking pages that were denied previously, because access is just granted. [Test Case] On trusty: # install apache sudo apt update sudo apt install apache2 -y # Add this block to /etc/apache2/sites-enabled/000-default.conf between the VirtualHost lines:         <Directory "/var/www/html">              <RequireAll>                  Require not blacklisted-ips                  Require all granted              </RequireAll>         </Directory> # create the file /etc/apache2/conf-enabled/authz.conf with this content: <AuthzProviderAlias ip blacklisted-ips "127.0.0.1"> </AuthzProviderAlias> # restart apache2: sudo service apache2 restart # access localhost, which should work just fine wget localhost -O /dev/null # observe that /var/log/apache2/error.log contains a message like this: AH02305: no alias provider found for 'blacklisted-ips' (BUG?) # /var/log/apache2/access.log shows a normal GET request for /, which was allowed: "GET / HTTP/1.1" 200 11820 "-" "Wget/1.15 (linux-gnu)" That, and the successful request, indicate the bug. With an updated apache2 package, the following happens: - /var/log/apache2/error.log no longer contains a line questioning "blacklisted-ips", but instead logs a 403 status: [client 127.0.0.1:53478] AH01630: client denied by server configuration: /var/www/html/ - same for /var/log/apache2/access.log, showing a 403 being returned to the client: "GET / HTTP/1.1" 403 492 "-" "Wget/1.15 (linux-gnu)" - and wget fails: $ wget localhost --2018-11-24 16:50:28-- http://localhost/ Resolving localhost (localhost)... 127.0.0.1 Connecting to localhost (localhost)|127.0.0.1|:80... connected. HTTP request sent, awaiting response... 403 Forbidden 2018-11-24 16:50:28 ERROR 403: Forbidden. [Regression Potential]  * discussion of how regressions are most likely to manifest as a result of this change.  * It is assumed that any SRU candidate patch is well-tested before    upload and has a low overall risk of regression, but it's important    to make the effort to think about what ''could'' happen in the    event of a regression.  * This both shows the SRU team that the risks have been considered,    and provides guidance to testers in regression-testing the SRU. [Other Info]  * Anything else you think is useful to include  * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board  * and address these questions in advance [Original Description] Recently I updated my server from Ubuntu 12.03 LTS to Ubuntu14.03 LTS, And I found the problem of Apache 2.4.7. It is thought that Apache2.4.7 doesn't include authzprovideralias-defined authz provider. So I can't set the systemuser's account to belong to Multiple organizations. Since Apacahe2.4.11 includes authzprovideralias-defined authz provider, I want you to make the same correspondence to Apache2.4.7. Please put in this patch, right now! https://bz.apache.org/bugzilla/show_bug.cgi?id=56870 [Impact] AuthzProviderAlias are invisible to the authz provider inside a virtualhost stanza. This is a regression from hardy. Sites affected by this bug might be leaking pages that were denied previously, because access is just granted. [Test Case] On trusty: # install apache sudo apt update sudo apt install apache2 -y # Add this block to /etc/apache2/sites-enabled/000-default.conf between the VirtualHost lines:         <Directory "/var/www/html">              <RequireAll>                  Require not blacklisted-ips                  Require all granted              </RequireAll>         </Directory> # create the file /etc/apache2/conf-enabled/authz.conf with this content: <AuthzProviderAlias ip blacklisted-ips "127.0.0.1"> </AuthzProviderAlias> # restart apache2: sudo service apache2 restart # access localhost, which should work just fine wget localhost -O /dev/null # observe that /var/log/apache2/error.log contains a message like this: AH02305: no alias provider found for 'blacklisted-ips' (BUG?) # /var/log/apache2/access.log shows a normal GET request for /, which was allowed: "GET / HTTP/1.1" 200 11820 "-" "Wget/1.15 (linux-gnu)" That, and the successful request, indicate the bug. With an updated apache2 package, the following happens: # /var/log/apache2/error.log no longer contains a line questioning "blacklisted-ips", but instead logs a 403 status: [client 127.0.0.1:53478] AH01630: client denied by server configuration: /var/www/html/ # same for /var/log/apache2/access.log, showing a 403 being returned to the client: "GET / HTTP/1.1" 403 492 "-" "Wget/1.15 (linux-gnu)" # and wget fails as it should: $ wget localhost --2018-11-24 16:50:28-- http://localhost/ Resolving localhost (localhost)... 127.0.0.1 Connecting to localhost (localhost)|127.0.0.1|:80... connected. HTTP request sent, awaiting response... 403 Forbidden 2018-11-24 16:50:28 ERROR 403: Forbidden. [Regression Potential] The patch was applied in apache 2.4.11. I looked for other commits after that trying to spot if there was a regression, but couldn't find any, and the same diff is present all the way up to what we have in disco now. [Other Info] Not at this time. [Original Description] Recently I updated my server from Ubuntu 12.03 LTS to Ubuntu14.03 LTS, And I found the problem of Apache 2.4.7. It is thought that Apache2.4.7 doesn't include authzprovideralias-defined authz provider. So I can't set the systemuser's account to belong to Multiple organizations. Since Apacahe2.4.11 includes authzprovideralias-defined authz provider, I want you to make the same correspondence to Apache2.4.7. Please put in this patch, right now! https://bz.apache.org/bugzilla/show_bug.cgi?id=56870
2018-11-24 18:18:18 Launchpad Janitor merge proposal linked https://code.launchpad.net/~ahasenack/ubuntu/+source/apache2/+git/apache2/+merge/359387
2018-11-26 07:39:26 Christian Ehrhardt  nominated for series Ubuntu Trusty
2018-11-26 07:39:26 Christian Ehrhardt  bug task added apache2 (Ubuntu Trusty)
2018-11-26 07:39:33 Christian Ehrhardt  apache2 (Ubuntu Trusty): status New In Progress
2018-11-26 07:39:39 Christian Ehrhardt  apache2 (Ubuntu Trusty): assignee Andreas Hasenack (ahasenack)
2018-11-26 07:39:41 Christian Ehrhardt  apache2 (Ubuntu): assignee Andreas Hasenack (ahasenack)
2018-11-26 07:39:44 Christian Ehrhardt  apache2 (Ubuntu): status In Progress Fix Released
2018-11-26 12:01:13 Andreas Hasenack description [Impact] AuthzProviderAlias are invisible to the authz provider inside a virtualhost stanza. This is a regression from hardy. Sites affected by this bug might be leaking pages that were denied previously, because access is just granted. [Test Case] On trusty: # install apache sudo apt update sudo apt install apache2 -y # Add this block to /etc/apache2/sites-enabled/000-default.conf between the VirtualHost lines:         <Directory "/var/www/html">              <RequireAll>                  Require not blacklisted-ips                  Require all granted              </RequireAll>         </Directory> # create the file /etc/apache2/conf-enabled/authz.conf with this content: <AuthzProviderAlias ip blacklisted-ips "127.0.0.1"> </AuthzProviderAlias> # restart apache2: sudo service apache2 restart # access localhost, which should work just fine wget localhost -O /dev/null # observe that /var/log/apache2/error.log contains a message like this: AH02305: no alias provider found for 'blacklisted-ips' (BUG?) # /var/log/apache2/access.log shows a normal GET request for /, which was allowed: "GET / HTTP/1.1" 200 11820 "-" "Wget/1.15 (linux-gnu)" That, and the successful request, indicate the bug. With an updated apache2 package, the following happens: # /var/log/apache2/error.log no longer contains a line questioning "blacklisted-ips", but instead logs a 403 status: [client 127.0.0.1:53478] AH01630: client denied by server configuration: /var/www/html/ # same for /var/log/apache2/access.log, showing a 403 being returned to the client: "GET / HTTP/1.1" 403 492 "-" "Wget/1.15 (linux-gnu)" # and wget fails as it should: $ wget localhost --2018-11-24 16:50:28-- http://localhost/ Resolving localhost (localhost)... 127.0.0.1 Connecting to localhost (localhost)|127.0.0.1|:80... connected. HTTP request sent, awaiting response... 403 Forbidden 2018-11-24 16:50:28 ERROR 403: Forbidden. [Regression Potential] The patch was applied in apache 2.4.11. I looked for other commits after that trying to spot if there was a regression, but couldn't find any, and the same diff is present all the way up to what we have in disco now. [Other Info] Not at this time. [Original Description] Recently I updated my server from Ubuntu 12.03 LTS to Ubuntu14.03 LTS, And I found the problem of Apache 2.4.7. It is thought that Apache2.4.7 doesn't include authzprovideralias-defined authz provider. So I can't set the systemuser's account to belong to Multiple organizations. Since Apacahe2.4.11 includes authzprovideralias-defined authz provider, I want you to make the same correspondence to Apache2.4.7. Please put in this patch, right now! https://bz.apache.org/bugzilla/show_bug.cgi?id=56870 [Impact] AuthzProviderAlias are invisible to the authz provider inside a virtualhost stanza. This is a regression from hardy. Sites affected by this bug might be leaking pages that were denied previously, because access is just granted. [Test Case] On trusty: # install apache sudo apt update sudo apt install apache2 -y # Add this block to /etc/apache2/sites-enabled/000-default.conf between the VirtualHost lines:         <Directory "/var/www/html">              <RequireAll>                  Require not blacklisted-ips                  Require all granted              </RequireAll>         </Directory> # create the file /etc/apache2/conf-enabled/authz.conf with this content: <AuthzProviderAlias ip blacklisted-ips "127.0.0.1"> </AuthzProviderAlias> # restart apache2: sudo service apache2 restart # access localhost, which should work just fine wget localhost -O /dev/null # observe that /var/log/apache2/error.log contains a message like this: AH02305: no alias provider found for 'blacklisted-ips' (BUG?) # /var/log/apache2/access.log shows a normal GET request for /, which was allowed: "GET / HTTP/1.1" 200 11820 "-" "Wget/1.15 (linux-gnu)" That, and the successful request, indicate the bug. With an updated apache2 package, the following happens: # /var/log/apache2/error.log no longer contains a line questioning "blacklisted-ips", but instead logs a 403 status: [client 127.0.0.1:53478] AH01630: client denied by server configuration: /var/www/html/ # same for /var/log/apache2/access.log, showing a 403 being returned to the client: "GET / HTTP/1.1" 403 492 "-" "Wget/1.15 (linux-gnu)" # and wget fails as it should: $ wget localhost --2018-11-24 16:50:28-- http://localhost/ Resolving localhost (localhost)... 127.0.0.1 Connecting to localhost (localhost)|127.0.0.1|:80... connected. HTTP request sent, awaiting response... 403 Forbidden 2018-11-24 16:50:28 ERROR 403: Forbidden. [Regression Potential] The patch was applied in apache 2.4.11. I looked for other commits after that trying to spot if there was a regression, but couldn't find any, and the same diff is present all the way up to what we have in disco now. That being said, fixing the incorrect behavior might catch some admins by surprise: they might have been letting pages be accessed that shouldn't have, without realizing it. Or the other way around. After the upgrade, the access rule will be correctly enforced. [Other Info] Not at this time. [Original Description] Recently I updated my server from Ubuntu 12.03 LTS to Ubuntu14.03 LTS, And I found the problem of Apache 2.4.7. It is thought that Apache2.4.7 doesn't include authzprovideralias-defined authz provider. So I can't set the systemuser's account to belong to Multiple organizations. Since Apacahe2.4.11 includes authzprovideralias-defined authz provider, I want you to make the same correspondence to Apache2.4.7. Please put in this patch, right now! https://bz.apache.org/bugzilla/show_bug.cgi?id=56870
2018-11-28 00:06:23 Brian Murray apache2 (Ubuntu Trusty): status In Progress Fix Committed
2018-11-28 00:06:25 Brian Murray bug added subscriber Ubuntu Stable Release Updates Team
2018-11-28 00:06:26 Brian Murray bug added subscriber SRU Verification
2018-11-28 00:06:29 Brian Murray tags regression-release trusty regression-release trusty verification-needed verification-needed-trusty