Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apache 2.0.48 Released

Posted by CowboyNeal on from the hitting-the-streets dept.

Gruturo writes "Busy week for the Apache software foundation: After 1.3.29, version 2 gets an update as well with 2.0.48, which mainly fixes these two security vulnerabilities. As usual, using a mirror is recommended." The official announcement lists several changes as well.

12 of 159 comments (clear)

  1. Apache security documentation by Anonymous Coward · · Score: 3, Informative


    http://www.cgisecurity.com/webservers/apache/

  2. RedHat Fedora coming out on Monday will have this? by linuxguy · · Score: 2, Informative

    Generally RedHat will not put in new packages at the last minute. But this is a security fix release only and also Fedora is considered more experimental than regular Redhat releases.

  3. Re:A step in the right direction by Tim+C · · Score: 4, Informative

    commercial application servers such as Tomcat

    Tomcat is open source; it's one of the Jakarta projects.

    compared to Oracle's WebSphere

    IBM make WebSphere, not Oracle.

    If Ximian would only release the .NET framework for Solaris

    Microsoft makes the .NET Framework, not Ximian, although Ximian does have a hand in Mono, the open source implementation of the .NET Framework.

    --
    It's official. Most of you are morons.
  4. Logging bug by KalvinB · · Score: 4, Informative

    I used Apache 2.0.47 for all of a day before I decided to never use the 2.0.x line again. Apparently when a partial transfer is requested, Apache 2.0.47 logs the full amount requested. Not what was actually transfered. I ended up showing over 10GB of transfer in a single day on a 256Kbit DSL line. Which if you do the math is only physically capable of about 2.5GB a day.

    I looked at my logs and determined that a couple AOL users were trying to get a rather large file

    aca9bd40.ipt.aol.com 655 6689 1004 310
    acc4e74f.ipt.aol.com 1014 5412 521 148
    ac8bd972.ipt.aol.com 140 1565 534 745

    Requests MB KB Bytes. All that transfer supposedly happened in about a day.

    I notified bug-track but apparently such a simple problem (which doesn't exist in the 1.3.x line) isn't worth addressing.

    After all, who actually uses the Apache 2.0.x logs to monitor transfer? Hopefully not any hosting companies because the customers are going to get royally screwed.

    Ben

    --
    Work Safe Porn
    1. Re:Logging bug by portnoy · · Score: 5, Informative
      Um, didn't someone provide a solution to your bug report? (i.e. use the more advanced log module).

      Seems to me that they do see this as a problem worth addressing; they already have a fix.

  5. Re:Apache 2.0 by Anonymous Coward · · Score: 1, Informative

    2.0 does have numerous features and enhancements over 1.3 but didn't offer significant performance advantages over 1.3 on Linux and most Unix platforms . And as far as "problems" go, 2.0 had a completely new module system so modules had to be redesigned for 2.0, not really a problem with the modules. Just taken awhile to redesign them. Most Linux distros have moved to 2.0 which is what people really have been waiting for.

  6. Re:1.3 branch by jjohnson · · Score: 2, Informative

    The 2.0 line offers new internals and a new module API that's supposedly a lot cleaner and better organized. The biggest internal change of which I'm aware is that Apache now does proper threading, instead of fork()ing--that's why the big improvement on Windows, which is natively threaded, while a smaller improvement on unices.

    --
    Anyone who loves or hates any language, platform, or manufacturer, doesn't know what they're talking about.
  7. Better than ever before by a5cii · · Score: 1, Informative

    Apache 2.0.48 works extremely well on windows 2000 there are no problems such as hanging during shutdown for me anymore one qualm i have is that the configuration could be made a bit easier using a web based interface like the one which abyss web server from www.aprelium.com has i look forward to a long and happy life with apache MC

  8. Re:Apache 2.0 by Anonymous Coward · · Score: 1, Informative

    Apache2 runs quite well with mod_perl and just about everything else under win32.

    Check out http://www.devside.net

  9. Re:1.3 branch by crisco · · Score: 3, Informative
    AFAIK New releases of 1.3 are bugfixes and security patches. 2.0 has been labeled production ready for over a year.

    The problem isn't Apache itself but the open source modules that help make Apache the most useful webserver out there. Widely used projects like mod_perl and mod_php have only recentlyy released versions of these that work properly with Apache 2 and even these are still labeled betas.

    Additionally, most competent sysadmins won't mess with what isn't broken, so their server farms running 1.3 are going to continue running 1.3 for a while yet.

    --

    Bleh!

  10. Re:Netcraft stats for Apache by Anonymous Coward · · Score: 1, Informative

    These are not OS stats...they are server stats. If a machine is running Apache on Windows, it gets counted as Apache. If a Windows/IIS server is behind some kind of elaborate proxy setup which is under another OS, it will be counted as IIS, although some impossible combinations like Linux/IIS or Solaris/IIS may result.

    If it is not serving web pages at all, it shouldn't be counted, and it won't be.

  11. Re:Apache 2.0 by Spoke · · Score: 5, Informative

    IMO, the best reason to use Apache 2.0 is that with mod_deflate, you can now easily add content encoding compression to an entire website to save bandwidth. Previously with Apache 1.3, you could add in mod_gzip, but mod_gzip wouldn't compress SSL content without some very ugly config hacks including mod_proxy with a substantial performance benefit. 2.0 eliminates this issue.

    I've seen bandwith drop on websites drop from 20-80% depending on how much content is non-compressible (like graphics).