Altrea wrote:XAMPP is meant for beginners not able to install the needed single components on their own.
The disadvantage is that you are completely dependent on new releases for the whole XAMPP bundle.
You are much more free in updatability if you install the single components on your own.
Altrea, thank you for not being arrogant and rude! I am not an Apache or PHP expert. The software we are using can run on IIS or Apache. We were running it on IIS but for some reason a coworker felt it would be more stable on Apache and the vendor of the software recommends XAMPP. However we live in an IT world that is required to stay current and not have ACAS hits. The CVE is stating multiple vulnerabilities as stated in the 2.4.58 advisory. I imagine I could figure out how to get this rolling by installing the components myself but not sure how much time it will take.
I see Out of bounds read vulnerability, DoS, HTTP/2 stream memory not reclaimed all listed.
I understand this is free open source. I really just wanted to know what the "normal" time for patching is so that I can request an exception or make a different decision. We do get some leeway with exceptions but not much.