Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apache 2.0.48 Released

Posted by CowboyNeal on from the hitting-the-streets dept.

Gruturo writes "Busy week for the Apache software foundation: After 1.3.29, version 2 gets an update as well with 2.0.48, which mainly fixes these two security vulnerabilities. As usual, using a mirror is recommended." The official announcement lists several changes as well.

24 of 159 comments (clear)

  1. Apache security documentation by Anonymous Coward · · Score: 3, Informative


    http://www.cgisecurity.com/webservers/apache/

  2. Re:A step in the right direction by Karamchand · · Score: 2, Insightful

    Tell me: For how long has Tomcat been an commercial application server?
    Yea, I know.. ihbt..

  3. RedHat Fedora coming out on Monday will have this? by linuxguy · · Score: 2, Informative

    Generally RedHat will not put in new packages at the last minute. But this is a security fix release only and also Fedora is considered more experimental than regular Redhat releases.

  4. Time to upgrade my Apple ][ server. by Anonymous Coward · · Score: 3, Funny

    It will take all November to compile it :(

  5. Hmmm... by damiam · · Score: 3, Funny

    An Apache point release on the front page? Can you say "slow news day"?

    --
    It's hard to be religious when certain people are never incinerated by bolts of lightning.
    1. Re:Hmmm... by spektr · · Score: 3, Funny

      An Apache point release on the front page? Can you say "slow news day"?

      It annoys me that I have to download the full dupe at every point release. Can't they post incremental patches for the article and the replies?

    2. Re:Hmmm... by spektr · · Score: 2, Funny

      I rarely compile slashdot threads. I think CVS access to the article database would suffice.

    3. Re:Hmmm... by Repugnant_Shit · · Score: 2, Funny

      slaw nows dee ...dammit, I guess I can't

      --
      Vote for global prefs bug
    4. Re:Hmmm... by nr · · Score: 2, Insightful

      Well its sunday after all. Dont you thinks its even more gnarley that the ninth Linux kernel pre-release (-pre9) made the frontpage, its not even dot release! :) I thinks its good that important open-source software get their spot in the sun, becouse many of us do not follow all projects closely and its nice to have interesting discussions about the software and the project.

  6. Re:A step in the right direction by Tim+C · · Score: 4, Informative

    commercial application servers such as Tomcat

    Tomcat is open source; it's one of the Jakarta projects.

    compared to Oracle's WebSphere

    IBM make WebSphere, not Oracle.

    If Ximian would only release the .NET framework for Solaris

    Microsoft makes the .NET Framework, not Ximian, although Ximian does have a hand in Mono, the open source implementation of the .NET Framework.

    --
    It's official. Most of you are morons.
  7. OMG YES YES YES! by Anonymous Coward · · Score: 5, Funny

    2.0.48 is released!

    This is the defining moment of my life. I have been continually pressing the "refresh" button since the story about 2.0.47 being released. Now all my hard work has paid off.

    2.0.48 is released at last!

    1. Re:OMG YES YES YES! by Praeluceo · · Score: 4, Funny

      Yeah, and even after refreshing your browswer since July 10th, for the sole purpose of finding this announcement, you -still- couldn't get a first post? That's just pathetic.

      Not only do you need a life, you need to get better at not having one!

  8. Logging bug by KalvinB · · Score: 4, Informative

    I used Apache 2.0.47 for all of a day before I decided to never use the 2.0.x line again. Apparently when a partial transfer is requested, Apache 2.0.47 logs the full amount requested. Not what was actually transfered. I ended up showing over 10GB of transfer in a single day on a 256Kbit DSL line. Which if you do the math is only physically capable of about 2.5GB a day.

    I looked at my logs and determined that a couple AOL users were trying to get a rather large file

    aca9bd40.ipt.aol.com 655 6689 1004 310
    acc4e74f.ipt.aol.com 1014 5412 521 148
    ac8bd972.ipt.aol.com 140 1565 534 745

    Requests MB KB Bytes. All that transfer supposedly happened in about a day.

    I notified bug-track but apparently such a simple problem (which doesn't exist in the 1.3.x line) isn't worth addressing.

    After all, who actually uses the Apache 2.0.x logs to monitor transfer? Hopefully not any hosting companies because the customers are going to get royally screwed.

    Ben

    --
    Work Safe Porn
    1. Re:Logging bug by Anonymous Coward · · Score: 2, Flamebait

      Download the code and fix it yourself. Submit a patch back to Apache. Feel good knowing you both helped a project you use and fixed your own problem.

    2. Re:Logging bug by portnoy · · Score: 5, Informative
      Um, didn't someone provide a solution to your bug report? (i.e. use the more advanced log module).

      Seems to me that they do see this as a problem worth addressing; they already have a fix.

  9. Netcraft stats for Apache by bhny · · Score: 4, Interesting

    the new netcraft stats are posted.

    apache just keeps stealing more market share-

  10. Re:Cock-smoking? by tds67 · · Score: 2, Funny
    ...to pay your $1499 licensing fee you cock-smoking teabaggers.

    Yah, as if anyone's going to let you take a lighter to their cock...sheesh...

  11. Apache 2.0 by ceswiedler · · Score: 2, Interesting

    Are people using 2.0 much yet? I remember all of the blowup over how 2.0 didn't really add anything unless you wanted to run it on Windows, and it caused a lot of problems for modules like mod_perl. Is everyone still sticking with 1.3?

    1. Re:Apache 2.0 by Spoke · · Score: 5, Informative

      IMO, the best reason to use Apache 2.0 is that with mod_deflate, you can now easily add content encoding compression to an entire website to save bandwidth. Previously with Apache 1.3, you could add in mod_gzip, but mod_gzip wouldn't compress SSL content without some very ugly config hacks including mod_proxy with a substantial performance benefit. 2.0 eliminates this issue.

      I've seen bandwith drop on websites drop from 20-80% depending on how much content is non-compressible (like graphics).

    2. Re:Apache 2.0 by haeger · · Score: 2, Interesting

      Oh yes.
      mod_perl is a real showstopper for me. I'd love to upgrade to Apace2.x but I really need mod_perl to function properly and it isn't ready so I'm sticking with 1.3 for now.

      Does anyone know the status of mod_perl? Should I try to lessen my dependency on it? Is 2.0 worth the upgrade even if I have to rewrite my app?

      .haeger

      --
      You are not entitled to your opinion. You are entitled to your informed opinion. -- Harlan Ellison
  12. 1.3 branch by amembleton · · Score: 2

    Why are there two branches of Apache? There's the 1.3 and 2.0 lines. I've heard that 1.3 is better than 2.0, so is 2.0 effectivelly a beta? Why are there still new releases of 1.3, why not concentrate on 2.0?

    1. Re:1.3 branch by jjohnson · · Score: 2, Informative

      The 2.0 line offers new internals and a new module API that's supposedly a lot cleaner and better organized. The biggest internal change of which I'm aware is that Apache now does proper threading, instead of fork()ing--that's why the big improvement on Windows, which is natively threaded, while a smaller improvement on unices.

      --
      Anyone who loves or hates any language, platform, or manufacturer, doesn't know what they're talking about.
    2. Re:1.3 branch by crisco · · Score: 3, Informative
      AFAIK New releases of 1.3 are bugfixes and security patches. 2.0 has been labeled production ready for over a year.

      The problem isn't Apache itself but the open source modules that help make Apache the most useful webserver out there. Widely used projects like mod_perl and mod_php have only recentlyy released versions of these that work properly with Apache 2 and even these are still labeled betas.

      Additionally, most competent sysadmins won't mess with what isn't broken, so their server farms running 1.3 are going to continue running 1.3 for a while yet.

      --

      Bleh!

  13. Re:Debian by jjohnson · · Score: 3, Interesting

    You know, I avoided the RPM of apache when I built my webserver, instead choosing to download it and compile 2.0 from source, and get it working myself. Which I did. Having done it once, I know it pretty well now, and it took me five minutes to go from 2.0.45 to 2.0.48 after seeing this story, having saved my ./configure in an executable file. I ran that, make, make install, copy the conf files and the resin .so, test it, and switch the symbolic link that the sys V script goes to.

    So. Untinstall the deb, download it, compile it, install it, and get it working. It's no harder to configure, and you're free of package tyranny.

    --
    Anyone who loves or hates any language, platform, or manufacturer, doesn't know what they're talking about.