On 9/28/21 7:27 AM, Ian Wienand wrote: ... > It is an open question if this is actually an Apache error, or the > update has just triggered something in our uwsgi setup that is wrong > but just happened to work previously... Actually mostly the latter I would say. See my proposed fix/workaround [0], the bug report I opened [1] and the apache2 docs [2]. The patch that changed apache2 behaviour is [3]. [0] https://review.opendev.org/c/openstack/devstack/+/811303 [1] https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1945274 [2] https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypass [3] https://git.launchpad.net/ubuntu/+source/apache2/tree/debian/patches/CVE-2021-36160.patch?h=applied/ubuntu/focal-security