camptocamp / docker-mapserver

https://hub.docker.com/r/camptocamp/mapserver/
BSD 2-Clause "Simplified" License

Need to be able to use the latest version of Apache #776

Closed TWDBrob closed 3 months ago

TWDBrob commented 3 months ago

According to a recent penetration test, we need to bring the version of Apache included in this map server image up to date. However, the highest version installed using the 8.0 tag is Apache 2.4.52, which is the latest version available to mirrors set up in the osgeo/gdal:ubuntu-small-3.5.1 image. The latest Apache is version 2.4.59 and there have been some updates marked important: https://httpd.apache.org/security/vulnerabilities_24.html

Can we please bring this image up to date? We had issues on our end with the libaio1 which apparently isn't available in Ubuntu 2.4.04 and updating it to libaio1t64 apparently doesn't work either.

sbrunner commented 3 months ago

If I pick one CVE, such as CVE-2023-38709, I see that it is fixed in version 2.4.52-1ubuntu4.9, which we use: https://ubuntu.com/security/CVE-2023-38709. So I don't see anything wrong...

TWDBrob commented 2 months ago

Is there any way to confirm that that version is being used? I just see the version as 2.4.52 using apachectl -v.

TWDBrob commented 2 months ago

I found the answer here:

https://serverfault.com/questions/1145942/how-do-i-make-sure-that-all-security-updates-applied-to-apache-2-4-18-on-ubuntu