Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apache 2.0.48 Released

Posted by CowboyNeal on from the hitting-the-streets dept.

Gruturo writes "Busy week for the Apache software foundation: After 1.3.29, version 2 gets an update as well with 2.0.48, which mainly fixes these two security vulnerabilities. As usual, using a mirror is recommended." The official announcement lists several changes as well.

13 of 159 comments (clear)

  1. Apache security documentation by Anonymous Coward · · Score: 3, Informative


    http://www.cgisecurity.com/webservers/apache/

  2. Time to upgrade my Apple ][ server. by Anonymous Coward · · Score: 3, Funny

    It will take all November to compile it :(

  3. Hmmm... by damiam · · Score: 3, Funny

    An Apache point release on the front page? Can you say "slow news day"?

    --
    It's hard to be religious when certain people are never incinerated by bolts of lightning.
    1. Re:Hmmm... by spektr · · Score: 3, Funny

      An Apache point release on the front page? Can you say "slow news day"?

      It annoys me that I have to download the full dupe at every point release. Can't they post incremental patches for the article and the replies?

  4. Re:A step in the right direction by Tim+C · · Score: 4, Informative

    commercial application servers such as Tomcat

    Tomcat is open source; it's one of the Jakarta projects.

    compared to Oracle's WebSphere

    IBM make WebSphere, not Oracle.

    If Ximian would only release the .NET framework for Solaris

    Microsoft makes the .NET Framework, not Ximian, although Ximian does have a hand in Mono, the open source implementation of the .NET Framework.

    --
    It's official. Most of you are morons.
  5. OMG YES YES YES! by Anonymous Coward · · Score: 5, Funny

    2.0.48 is released!

    This is the defining moment of my life. I have been continually pressing the "refresh" button since the story about 2.0.47 being released. Now all my hard work has paid off.

    2.0.48 is released at last!

    1. Re:OMG YES YES YES! by Praeluceo · · Score: 4, Funny

      Yeah, and even after refreshing your browswer since July 10th, for the sole purpose of finding this announcement, you -still- couldn't get a first post? That's just pathetic.

      Not only do you need a life, you need to get better at not having one!

  6. Logging bug by KalvinB · · Score: 4, Informative

    I used Apache 2.0.47 for all of a day before I decided to never use the 2.0.x line again. Apparently when a partial transfer is requested, Apache 2.0.47 logs the full amount requested. Not what was actually transfered. I ended up showing over 10GB of transfer in a single day on a 256Kbit DSL line. Which if you do the math is only physically capable of about 2.5GB a day.

    I looked at my logs and determined that a couple AOL users were trying to get a rather large file

    aca9bd40.ipt.aol.com 655 6689 1004 310
    acc4e74f.ipt.aol.com 1014 5412 521 148
    ac8bd972.ipt.aol.com 140 1565 534 745

    Requests MB KB Bytes. All that transfer supposedly happened in about a day.

    I notified bug-track but apparently such a simple problem (which doesn't exist in the 1.3.x line) isn't worth addressing.

    After all, who actually uses the Apache 2.0.x logs to monitor transfer? Hopefully not any hosting companies because the customers are going to get royally screwed.

    Ben

    --
    Work Safe Porn
    1. Re:Logging bug by portnoy · · Score: 5, Informative
      Um, didn't someone provide a solution to your bug report? (i.e. use the more advanced log module).

      Seems to me that they do see this as a problem worth addressing; they already have a fix.

  7. Netcraft stats for Apache by bhny · · Score: 4, Interesting

    the new netcraft stats are posted.

    apache just keeps stealing more market share-

  8. Re:1.3 branch by crisco · · Score: 3, Informative
    AFAIK New releases of 1.3 are bugfixes and security patches. 2.0 has been labeled production ready for over a year.

    The problem isn't Apache itself but the open source modules that help make Apache the most useful webserver out there. Widely used projects like mod_perl and mod_php have only recentlyy released versions of these that work properly with Apache 2 and even these are still labeled betas.

    Additionally, most competent sysadmins won't mess with what isn't broken, so their server farms running 1.3 are going to continue running 1.3 for a while yet.

    --

    Bleh!

  9. Re:Debian by jjohnson · · Score: 3, Interesting

    You know, I avoided the RPM of apache when I built my webserver, instead choosing to download it and compile 2.0 from source, and get it working myself. Which I did. Having done it once, I know it pretty well now, and it took me five minutes to go from 2.0.45 to 2.0.48 after seeing this story, having saved my ./configure in an executable file. I ran that, make, make install, copy the conf files and the resin .so, test it, and switch the symbolic link that the sys V script goes to.

    So. Untinstall the deb, download it, compile it, install it, and get it working. It's no harder to configure, and you're free of package tyranny.

    --
    Anyone who loves or hates any language, platform, or manufacturer, doesn't know what they're talking about.
  10. Re:Apache 2.0 by Spoke · · Score: 5, Informative

    IMO, the best reason to use Apache 2.0 is that with mod_deflate, you can now easily add content encoding compression to an entire website to save bandwidth. Previously with Apache 1.3, you could add in mod_gzip, but mod_gzip wouldn't compress SSL content without some very ugly config hacks including mod_proxy with a substantial performance benefit. 2.0 eliminates this issue.

    I've seen bandwith drop on websites drop from 20-80% depending on how much content is non-compressible (like graphics).