Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apache 1.3.24 released

Posted by michael on from the better-than-ever dept.

fishnuts writes "Apache 1.3.24 was released with the usual new security fixes, bug fixes, and features. Here's the announcement."

1 of 14 comments (clear)

  1. Actually... by Evro · · Score: 4, Informative
    Actually, you appear to have not read the announcement.
    Apache 1.3.24 Major changes Security vulnerabilities

    The main security vulnerabilities addressed in 1.3.24 are:

    • Fix the security vulnerability noted in CAN-2002-0061 (mitre.org) regarding the escaping of command line args on Win32.
    • Prevent invalid client hostnames from appearing in the log file.
    New features

    The main new features in 1.3.24 (compared to 1.3.23) are:

    • Various mod_proxy improvements, such as the new ProxyIOBufferSize directive
    • The new IgnoreCase keyword to the IndexOptions directive.

    New features that relate to specific platforms:

    • Added the module mod_log_nw to handle log rotation under NetWare

    Bugs fixed

    The following bugs were found in Apache 1.3.23 and have been fixed in Apache 1.3.24:

    • mod_rewrite's rnd was broken and has been fixed.
    • The -S option of apxs was not able to handle quotes; also apxs is now rebuilt when options are changed.
    • proxy now correctly handles Cookies and X-Cache headers.

    The following bugs relate to specific platforms:

    • Fixed a problem in TPF when we were using the wrong subpool when opening the error log.
    • pthread accept() mutexes on Solaris were broken (since we were not linking against pthread)
    --
    rooooar