Apache 2.0.39 Released

By Kevin Reichard (Send Email)
Posted Jun 19, 2002


From the Apache Project: This version of Apache is principally a security and bug fix release, partially designed to address the issues raised regarding chunked transfer encoding.

The Apache HTTP Server Project is proud to announce the third public release of Apache 2.0. Apache 2.0 has been running on the Apache.org website since December of 2000 and has proven to be very reliable.

This version of Apache is principally a security and bug fix release. A summary of the bug fixes is given at the end of this document. Of particular note is that 2.0.39 addresses and fixes the issues noted in CAN-2002-0392 (mitre.org) [CERT VU#944335] regarding a vulnerability in the handling of chunked transfer encoding. We would like to thank Mark Litchfield of ngssoftware.com for discovering and reporting the vulnerability.

Apache 2.0 offers numerous enhancements, improvements and performance boosts over the 1.3 codebase. The most visible and noteworthy addition is the ability to run Apache in a hybrid thread/process mode on any platform that supports both threads and processes. This has shown to improve the scalability of the Apache HTTP Server significantly in our testing. Apache 2.0 also includes support for filtered I/O. This allows modules to modify the output of other modules before it is sent to the client. We have also included support for IPv6 on any platform that supports IPv6.

This version of Apache is known to work on many versions of Unix, BeOS, OS/2, Windows, and Netware. Because of many of the advancements in Apache 2.0, the initial release of Apache is expected to perform equally well on all supported platforms.

There are new snapshots of the Apache httpd source available every 6 hours from http://cvs.apache.org/snapshots/ - please download and test if you feel brave. We don't guarantee anything except that it will take up disk space, but if you have the time and skills, please give it a spin on your platforms.

Apache has been the most popular web server on the Internet since April of 1996. The March 2002 WWW server site survey by Netcraft (see http://www.netcraft.com/survey/) found that more web servers were using Apache than any other software; Apache runs on more than 54% of the web servers on the Internet.

For more information and to download the release tarballs, please visit http://httpd.apache.org/

Changes since Apache 2.0.36

Changes with Apache 2.0.39

  • Fixed a build problem in htpasswd.c on Win32. [Guenter Knauf , Cliff Woolley]

Changes with Apache 2.0.38

  • Rewrite htpasswd to use APR. The removes the annoying warning about tmpnam being unsafe. [Ryan Bloom]
  • We must set the MIME-type for .shtml files to text/html if we want them to be parsed for SSI tags. Add the config for that to the default config file so that it is easier to enable .shtml parsing. [Dave Dyer ]
  • Fixed a problem with 'make install' on ReliantUnix. [Jean-frederic Clere ]
  • Make the default_handler catch all requests that aren't served by another handler. This also gets us to return a 404 if a directory is requested, there is no DirectoryIndex, and mod_autoindex isn't loaded. [Justin Erenkrantz]
  • Fixed the handling of nested if-statements in shtml files. PR 9866 [Brian Pane]
  • Allow 'make install DESTDIR=/path'. This allows packagers to install into a directory different from the one that was configured. This also mirrors the root= feature from 1.3. We cannot use prefix=, because both APR and APR-util resolve their installation paths at configuration time. This means that there is no variable prefix to replace. [Andreas Hasenack ]

Page 1 of 5


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.