This update includes the latest upstream release of Apache httpd, version 2.4.39, including multiple bug and security fixes. To see the full list of changes in this release, see: https://www.apache.org/dist/httpd/CHANGES_2.4.39

The following security vulnerabilities are addressed:

• CVE-2019-0211 - MPMs unix: Fix a local priviledge escalation vulnerability by not maintaining each child's listener bucket number in the scoreboard, preventing unprivileged code like scripts run by/on the server (e.g. via mod_php) from modifying it persistently to abuse the priviledged main process.

• CVE-2019-0215 - mod_ssl: Fix access control bypass for per-location/per-dir client certificate verification in TLSv1.3.

• CVE-2019-0217 - mod_auth_digest: Fix a race condition checking user credentials which could allow a user with valid credentials to impersonate another, under a threaded MPM.

• CVE-2019-0220- Merge consecutive slashes in URL's. Opt-out with MergeSlashes OFF.