||Technical Updates @ TACKtech Corp.
09.07.2007 - Apache Group: Apache HTTP Server 2.0.61
The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
- Download Apache HTTP Server
- SECURITY: CVE-2007-3847 (cve.mitre.org)
mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers. PR 41144. [Davi Arnaut, Nick Kew]
- SECURITY: CVE-2007-1863 (cve.mitre.org)
mod_cache: Prevent segmentation fault if a Cache-Control header has no value. [Niklas Edmundsson ]
- SECURITY: CVE-2006-5752 (cve.mitre.org)
mod_status: Fix a possible XSS attack against a site with a public server-status page and ExtendedStatus enabled, for browsers which perform charset "detection". Reported by Stefan Esser. [Joe Orton]
- SECURITY: CVE-2007-3304 (cve.mitre.org)
prefork, worker MPMs: Ensure that the parent process cannot be forced to kill processes outside its process group. [Joe Orton, Jim Jagielski]
- mod_proxy_http: accept proxy-sendchunked/proxy-sendchunks as synonymous. PR 43183 [Brian Rectanus , Vincent Bray]
- log core: ensure we use a special pool for stderr logging, so that
the stderr channel remains valid from the time plog is destroyed,
until the time the open_logs hook is called again. [William Rowe]
- mod_ssl: Version reporting update; displays 'compiled against'
Apache and build-time SSL Library versions at loglevel [info],
while reporting the run-time SSL Library version in the server
info tags. Helps to identify a mod_ssl built against one flavor
of OpenSSL but running against another (also adds SSL-C version
number reporting.) [William Rowe]
- mod_autoindex: Add in Type and Charset options to IndexOptions
directive. This allows the admin to explicitly set the
content-type and charset of the generated page and is therefore
a viable workaround for buggy browsers affected by CVE-2007-4465
(cve.mitre.org). [Jim Jagielski]
- main core: Emit errors during the initial apr_app_initialize()
or apr_pool_create() (when apr-based error reporting is not ready).
[William Rowe, Jeff Trawick]
- log core: Fix issue which could cause piped loggers to be orphaned
and never terminate after a graceful restart. PR 40651. [Joe Orton,
- log core: fix the new piped logger case where we couldn't connect
the replacement stderr logger's stderr to the NULL stdout stream.
Continue in this case, since the previous alternative of no error
logging at all (/dev/null) is far worse. [William Rowe]
- mpm_winnt: Prevent the parent-child pipe from leaking into other
spawned processes, and ensure we have a /Device/null handle for
stdout when running as-a-service. [William Rowe]
- ApacheMonitor: Fix Windows Vista detection. [Mladen Turk]
- mod_so: Solve dev's confusion by reporting expected/seen module
magic signatures when failing with a 'garbled' message, and solve
user's confusion by pointing out 'perhaps compiled for a different
version of apache?'. [William Rowe]
- mod_ssl: initialize thread locks before initializing the hardware
acceleration library, so the latter can make use of the former.
PR 20951. 
- mod_ssl: Support limited buffering of request bodies to allow
per-location renegotiation to proceed. PR 12355. [Joe Orton]
- mod_cgi, mod_cgid: Don't return apr_status_t error value
from input filter chain. PR 31759 (mutated). [Jo Rhett,
- htdbm: Fix crash processing -d option in 64-bit mode on HP-UX.
- proxy_http.c: Overlay existing cookies with proxied ones, ala
httpd-2.2. [Jim Jagielski]
- mod_proxy: ProxyTimeout (and others) ignored due to not merging
the *_set params. PR 11540. [Jim Jagielski]
- mod_isapi: Correctly present SERVER_PORT_SECURE.
PR 40573. [Matt Eaton ]
- mod_isapi: Avoid double trailing slashes in HSE_REQ_MAP_URL_TO_PATH
support. Also corrects the slashes for Windows. PR 15993. [William Rowe]
- mod_isapi: Handle "HTTP/1.1 200 OK" style status lines correctly, the
token parser worked while the resulting length was misinterpreted.
PR 29098. [Brock Bland ]
- mod_isapi: Return 0 (failure) for more of the various ap_pass_brigade
attempts to stream the response at the client. Log these as well.
PR 30022, 40470. [William Rowe, Matt Eaton ]
- mod_isapi: Ensure we walk through all the methods the developer may have
employed to report their HTTP status result code.
PR 16637 30033 28089. [Matt Lewandowsky , William Rowe]
- View Release Notes
- View Additional Information
- Visit Apache Group
NID: 17821 / Submitted by: TACKtech Team
Internet Applications, Open Source, Server Applications
|Most recent Apache related news.|
Apache Group: Apache HTTP Server 1.3.42 (final release of 1.3.x)
Apache Group: Apache HTTP Server 2.2.11
Apache Group: Apache HTTP Server 2.2.10
Apache Group: Apache HTTP Server 2.2.9
Apache Group: Apache HTTP Server 1.3.41
View archive of Apache related news.
Yahoo! My Web