Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apache HTTP Server 1.3.29 Released

Posted by timothy on from the dot-dot-dot-dot dept.

Dan writes "The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of version 1.3.29 of the Apache HTTP Server ("Apache"). This Announcement notes the significant changes in 1.3.29 as compared to 1.3.28. Release 1.3.29 addresses and fixes a potential security issue CAN-2003-0542 (cve.mitre.org): Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures. You can download this release from one of your preferred mirror sites."

12 of 36 comments (clear)

  1. Big Changes ? by noselasd · · Score: 3, Insightful

    Where are the big changes ? I see 8 more or less minor bugfixes.

  2. The Apache Section's Motto: by Farley+Mullet · · Score: 4, Funny

    Slashdot's Apache Section: For The Apache Admin Who Just Refuses To Get On The Mailing List.

  3. On the note of that... by FinestLittleSpace · · Score: 2, Funny

    ...I better make the obligatory comment....

    "Cor, at least it's not IIS... we'd be having thousands of bugfixes. Damn M$."

  4. Thanks by barcodez · · Score: 2, Interesting

    Well I for one appreciate the Apache httpd development team's efforts.

    --

    ----
  5. Why list a commercial web site? by Futurepower(R) · · Score: 3, Insightful


    The Slashdot story said, "... are pleased to announce the release of version 1.3.29 of the Apache HTTP Server ("Apache")."

    However, that link references only a copy of the release info on a commercial bulletin board, BSDForums.org, that has plenty of advertisements.

    The Slashdot story could have said, "... are pleased to announce the release of version 1.3.29 of the Apache HTTP Server ("Apache")", which is the official announcement on the apache.org site.

  6. Apache HTTP Server 2.0.48 is also out by jimjag · · Score: 3, Informative

    Released at the same time was 2.0.48.

  7. what about 2.0.48? by bluethundr · · Score: 2, Informative


    In related news, the 2.48 version of apache was also released. Was this a slashdot moment, as well? Did I miss a memo? I'm assuming I have. I recently read the O'Reilly book on this topic and two things seemed clear. 1) That the authors of the book really preferred the 1.3.x series of httpd to the 2.x series and that 2) BSD is the way to be for Apache (though Linux is an "okay" substitute.) Which really surprised me because threading in Linux is better than BSD.

    So my questions are: If they are updating the 2.x series why are they *also* updating the 1.3.x series? Isn't the idea that 2.x will supplant/replace the earlier series? What do you get out of using the older version that you don't with the newer? Other than the ability to work with a tool that's more familiar to you becasue you've been using it for so long...Wouldn't the technological advantages of using the newer version outwiegh the inconvenience of yet another learning curve?

    --
    Quod scripsi, scripsi.
    1. Re:what about 2.0.48? by WoodstockJeff · · Score: 2, Informative
      I don't think it is the learning curve, per se... I made the change-over to 2.x with few problems, other than some security issues that are outside of apache's control (Mandrake 9.x won't allow apache to run CGI without as-yet-unfound configuration changes).

      The main problem is that some things written for apache 1.x do not work under 2.x, or have significant problems. PHP was one of them; other modules have been problematic, too. Once PHP ran acceptably, we switched...

    2. Re:what about 2.0.48? by PowerBert · · Score: 2, Informative

      1.3.x isn't being updated. It's in bug fix mode, which means only bugs and security problems are fixed no active development is being done. I think one of the main reason for sticking with 1.3.x for now is that mod_perl for 2.0 isn't considered stable yet. We find it breaks a lot of our mod_perl server management stuff too. 2.0 hasn't been out that long really. How many people out there still run Windows NT4?

    3. Re:what about 2.0.48? by mysticalreaper · · Score: 4, Insightful

      If they are updating the 2.x series why are they *also* updating the 1.3.x series? Isn't the idea that 2.x will supplant/replace the earlier series? What do you get out of using the older version that you don't with the newer?

      Here, my friend is the beauty of open source. If you want to keep using apache 1.3 (as many are), you can. There's no such thing as a forced upgrade. What version of the software you use is entirely up to you. 2.0 is supposed to be an improvement over 1.3 (and it is), but it's not supposed to 'supplant' 1.3. Just like the Linux kernel 2.4 didn't 'supplant' 2.2, though it WAS an improvement.

      As long as there are interested people in the 1.3 series, bugfixes will come in, and holes will be patched. And that's why it's still being updated. Heck, even the 2.0 kernel is actively maintained. The canges are very slow, but if there's an obvious fix, it will be put in.

      So basically, it's up to you to decide which version to run. And that's exactly the idea, that you have choice and freedom with your software.

    4. Re:what about 2.0.48? by 8282now · · Score: 2, Informative

      I'm sure you've seen for yourself but the reason for the dual development track is that not all 1.3x modules have been migrated to the new 2.x platform.
      There are still a number of very popular modules that still require the use of the 1.3x code. So instead of "orphaning" those poor souls dependent (?) on the 1.3x modules, (as mentioned by another poster) the open source world allows for and supports multiple versions to exist.

      Just my two cents...

  8. webserver written in Postscript! by satanami69 · · Score: 3, Funny

    Why bother with Apache when you can get the power of PS-HTTPD

    PS-HTTPD is a HTTP-server written in Postscript. It can handle the main task of a webserver, serving data.

    --
    I really hate Dan Patrick.