AWS AL2 documentation change
Summary
Removed 'AWS' from 'AWS Application Load Balancers' in CVE-2025-23048 mitigation note for consistency
Security assessment
The change is a minor editorial correction (removing redundant 'AWS' branding) and does not alter security-related content. The CVE reference was already present in the original text, and the edit does not introduce new security information.
Diff
diff --git a/AL2/latest/relnotes/relnotes-20250818.md b/AL2/latest/relnotes/relnotes-20250818.md index c0b3da7ea..824c57a2f 100644 --- a//AL2/latest/relnotes/relnotes-20250818.md +++ b//AL2/latest/relnotes/relnotes-20250818.md @@ -44 +44 @@ This release of Amazon Linux 2 includes the latest security updates. - * Following the mitigation of CVE-2025-23048 in Apache httpd, some websites may experience a "Misdirected Request" error, especially if a web server operates behind a load balancer. Currently, this issue is particularly noticeable with AWS Application Load Balancers, which, at this time, do not relay SNI data to the target server. Apache httpd used to allow clients to send requests without setting a server name in the SNI because the check wasn't accurate. However, this behavior changed in version 2.4.64. There are several known solutions and/or workarounds depending on the load balancer and its configuration. These solutions can be found in the [Apache bug tracker](https://bz.apache.org/bugzilla/show_bug.cgi?id=69743). + * Following the mitigation of CVE-2025-23048 in Apache httpd, some websites may experience a "Misdirected Request" error, especially if a web server operates behind a load balancer. Currently, this issue is particularly noticeable with Application Load Balancers, which, at this time, do not relay SNI data to the target server. Apache httpd used to allow clients to send requests without setting a server name in the SNI because the check wasn't accurate. However, this behavior changed in version 2.4.64. There are several known solutions and/or workarounds depending on the load balancer and its configuration. These solutions can be found in the [Apache bug tracker](https://bz.apache.org/bugzilla/show_bug.cgi?id=69743).