You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

How to manually patch OS X Server bundled outdated components?

Referring to OS X Server (v3.1.2), it is bundled with Apache (v2.2.26), and mod_ssl (v2.2.26).

In the latest stable version of Apache and mod_ssl, they have lots of security patches.

Due to security concerns, I need to update these components.


Since there is no OS X Server updates for now...

How do I manually update Apache and mod_ssl, on my current server which is running Profile Manager?

(without affecting the current server configurations and files)


Thanks.

OS X Mavericks (10.9.3)

Posted on Jun 11, 2014 11:19 PM

Reply
Question marked as Top-ranking reply

Posted on Jun 12, 2014 5:52 AM

If you manually replace components used by the server software you are going to almost certainly break things especially Server.app (for administration) and in this case you would also almost certainly break Profile Manager and the Wiki server.


If you want to use Apple's server software then you have no real choice but like the rest of us to wait for Apple to include any upgrades.


As examples the bootpd and racoon software and even the ntp client included by Apple are not merely different versions compared to the latest stable releases but are actually heavily customised by Apple and behave significantly differently. As far as I am aware the Apache used by Apple is pretty standard and the main difference is the name and locations of files Appe uses, i.e. not only do Apple not use the standard httpd.conf file and location but the process of installing SSL certificates is very different to a standard Apache system.


It is possible to upgrade some components e.g. perl with minimal risk of break Apple services, it is also possible to install separate copies of items like Apache and run them separately to Apple's. However such a separate install of Apache would not serve Profile Manager up for you.

1 reply
Question marked as Top-ranking reply

Jun 12, 2014 5:52 AM in response to BenenGL

If you manually replace components used by the server software you are going to almost certainly break things especially Server.app (for administration) and in this case you would also almost certainly break Profile Manager and the Wiki server.


If you want to use Apple's server software then you have no real choice but like the rest of us to wait for Apple to include any upgrades.


As examples the bootpd and racoon software and even the ntp client included by Apple are not merely different versions compared to the latest stable releases but are actually heavily customised by Apple and behave significantly differently. As far as I am aware the Apache used by Apple is pretty standard and the main difference is the name and locations of files Appe uses, i.e. not only do Apple not use the standard httpd.conf file and location but the process of installing SSL certificates is very different to a standard Apache system.


It is possible to upgrade some components e.g. perl with minimal risk of break Apple services, it is also possible to install separate copies of items like Apache and run them separately to Apple's. However such a separate install of Apache would not serve Profile Manager up for you.

How to manually patch OS X Server bundled outdated components?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.