Nová verze obsahuje dvě bezpečnostní opravy, jedna z nich již byla opravena ve verzi 2.2.25 vydané před dvěma týdny.
SECURITY: CVE-2013-2249 (cve.mitre.org)
mod_session_dbd: Make sure that dirty flag is respected when saving sessions, and ensure the session ID is changed each time the session changes. This changes the format of the updatesession SQL statement. Existing configurations must be changed.
Nová verze také obsahuje modul mod_macro.
This modules provides macros within apache runtime configuration files. These macros have parameters. They are expanded when used (parameters are substituted by their values given as an argument), and the result is processed normally.