[iBotPeaches]

This was an interesting security patch that marked the first time in my memory that updating Apache led to an immediate regression. A few hours after taking this upgrade many systems experienced such strange timeout errors. Connections were low and couldn't pinpoint the misleading behavior that looked like a slowloris attack, with no connections.

Half a day later with no resolution in research a new patch [1] was available and problem resolved.

[1] https://github.com/apache/httpd/commit/8720881b0634383145e87...

[nocsi]

It might be because they had patch cycle commitments. Ideally you want this stuff to be tucked into the regular release cycle. It costs companies a shit load of money to release and out of band update, esp when security related