Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apache HTTP Server 1.3.29 Released

Posted by timothy on from the dot-dot-dot-dot dept.

Dan writes "The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of version 1.3.29 of the Apache HTTP Server ("Apache"). This Announcement notes the significant changes in 1.3.29 as compared to 1.3.28. Release 1.3.29 addresses and fixes a potential security issue CAN-2003-0542 (cve.mitre.org): Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures. You can download this release from one of your preferred mirror sites."

3 of 36 comments (clear)

  1. Big Changes ? by noselasd · · Score: 3, Insightful

    Where are the big changes ? I see 8 more or less minor bugfixes.

  2. Why list a commercial web site? by Futurepower(R) · · Score: 3, Insightful


    The Slashdot story said, "... are pleased to announce the release of version 1.3.29 of the Apache HTTP Server ("Apache")."

    However, that link references only a copy of the release info on a commercial bulletin board, BSDForums.org, that has plenty of advertisements.

    The Slashdot story could have said, "... are pleased to announce the release of version 1.3.29 of the Apache HTTP Server ("Apache")", which is the official announcement on the apache.org site.

  3. Re:what about 2.0.48? by mysticalreaper · · Score: 4, Insightful

    If they are updating the 2.x series why are they *also* updating the 1.3.x series? Isn't the idea that 2.x will supplant/replace the earlier series? What do you get out of using the older version that you don't with the newer?

    Here, my friend is the beauty of open source. If you want to keep using apache 1.3 (as many are), you can. There's no such thing as a forced upgrade. What version of the software you use is entirely up to you. 2.0 is supposed to be an improvement over 1.3 (and it is), but it's not supposed to 'supplant' 1.3. Just like the Linux kernel 2.4 didn't 'supplant' 2.2, though it WAS an improvement.

    As long as there are interested people in the 1.3 series, bugfixes will come in, and holes will be patched. And that's why it's still being updated. Heck, even the 2.0 kernel is actively maintained. The canges are very slow, but if there's an obvious fix, it will be put in.

    So basically, it's up to you to decide which version to run. And that's exactly the idea, that you have choice and freedom with your software.