https://spaceraccoon.github.io/vulnerability-spoiler-alert Vulnerability alerts for apache/httpd en-us Fri, 17 Apr 2026 01:52:35 GMT https://github.com/spaceraccoon/vulnerability-spoiler-alert/issues/84 https://github.com/spaceraccoon/vulnerability-spoiler-alert/issues/84 Wed, 18 Mar 2026 20:59:05 GMT The original example configuration had 'Require all granted' at the Directory level, which grants unauthenticated access to all users by default. The LimitExcept block only required authentication for non-GET/POST/OPTIONS methods, but the outer 'Require all granted' could override authentication requirements depending on configuration context. The patch removes 'Require all granted' and replaces the LimitExcept approach with a RequireAny block that properly requires either the correct HTTP method OR an authenticated admin user, ensuring write operations require authentication. high unverified