Security News > 2021 > October > Apache patch proves patchy – now you need to patch the patch
If the first patch arrives too quickly, then it may not have been reviewed or tested quite as much as you might like.
So it's not so much that the next patch in the queue catches up because the first one is too slow, but that the next one has to be completed in a rush to keep up.
If you aren't careful, then that second patch might itself beget a third patch, needed to patch the patch that patched the first patch.
The bottom line is that if you have Apache 2.4.59 or Apache 2.4.50 then you now need to update to Apache 2.4.51.
The patch wasn't always able to block suspiciously encoded slashes in the pathname, so that by shifting the trick from disguising a dot to disguising a slash, an attack was still theoretically possible.
Will the sudden arrival of the third bus in this burst of patches mean that we'll soon have 2.4.52 to follow?