The apparent lack of testing is shocking for something this big. If I'm understanding correctly, this update will have caused issues across huge swathes of the web, including all Wordpress installations running on this version of Apache, as they include this block of code in their .htaccess file:

  RewriteEngine On
  RewriteBase /
  RewriteRule ^index\.php$ - [L]
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule . /index.php [L]

If the request doesn't exist as a file or directory, rewrite it to index.php in the root, so Wordpress can handle it. This kind of rewriting is very common of course, I'm just taking Wordpress as an example because of its popularity.

▲ agwa 2 days ago | parent | next [-]

This bug only affects a special form of RewriteCond where the first argument is literally "expr", so the rules that you quoted are unaffected.

I have to assume that this form of RewriteCond is pretty rare or the bug would have been caught much sooner.

	▲	abanana 2 days ago \| parent [-]
		Ah I see, thank you for the explanation. Regarding how quickly it was caught, bugs like this are a clear argument against the idea of "always update immediately" that's pushed down everyone's throat these days, and parroted by so many who don't realise it's part of marketing. Luckily updates do tend to be a lot slower when they're components of managed packages (in this case, WHM and the like).

▲ liveoneggs 2 days ago | parent | prev [-]

Since a few years ago the recommendation from apache is to use https://httpd.apache.org/docs/trunk/mod/mod_dir.html#fallbac... instead of mod_rewrite for this pattern