Apache 2.0.40 Released

cliffwoolley writes "On August 7, the Apache Software Foundation was notified of a significant vulnerability that affects the Win32, OS/2, and Netware ports of Apache 2.0. It has the potential to allow an attacker to inflict serious damage to a server and/or reveal sensitive data on those platforms. To fix this vulnerability in addition to a number of cross-platform issues (a pair of path exposures and a number of bugs), Apache 2.0.40 has been released. It is considered the best currently available version of Apache, and all users are urged to upgrade."

Re:Apache and security

[buzzbomb]

So the Apache group has once again proven that they can deliver both a slow and insecure web server. How many more security holes will Apache have before it is "secure"? And when will Apache deliver truly high performance by having a non blocking I/O model?

When will you stop bitching and join the Apache devel team to help make it secure? When will you submit a non-blocking I/O patch to the Apache codebase?

If you don't like the direction they are going, either don't use it or join the devel team. There's no need to bitch and moan about it like it intimately affects your life.

Apache is NOT the fastest out there...but it is the most configurable (PHP, Perl, etc) and the best all-around webserver there is. Many of us think that the Apache team has done great work and we apprieciate every minute of it.

Re:PHP?

[Micah]

Isn't CVS almost by definition experimental? If it wasn't experimental it would be released as 4.3.0!

And then there's mod_perl, which is also apparently in beta for Apache 2. I'd upgrade if I could reliably run Slashcode under that.