Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apache 2.0.50 Released

Posted by simoniker on from the incredible-bongo-band dept.

Gruturo writes "The Apache Software Foundation just released version 2.0.50, which, apart from the usual incremental improvements and bug fixes, addresses security vulnerabilities such as CAN-2004-0493 (Memory leak which could lead to resource depletion == DoS) and CAN-2004-0488 (a mod_ssl buffer overflow). Be kind to their servers and use a mirror."

5 of 40 comments (clear)

  1. Safe to upgrade yet? by Anonymous Coward · · Score: 1, Informative

    I'm still using 1.3.31. php working okay these days? How about php 5?

    1. Re:Safe to upgrade yet? by a.koepke · · Score: 5, Informative

      I am using PHP 5 and works great. The trick is to compile Apache using the prefork MPM.

      Quote from http://httpd.apache.org/docs-2.0/mod/prefork.html

      This Multi-Processing Module (MPM) implements a non-threaded, pre-forking web server that handles requests in a manner similar to Apache 1.3. It is appropriate for sites that need to avoid threading for compatibility with non-thread-safe libraries. It is also the best MPM for isolating each request, so that a problem with a single request will not affect any other.

      Using Apache 2 in this method will make it work perfectly with PHP.

      --


      (\(\
      (^.^)
      (")")
      *This is the cute bunny virus, please copy this into your sig so it can spread
    2. Re:Safe to upgrade yet? by stoborrobots · · Score: 2, Informative

      PHP+Apache2 is "working OK"...

      Just not well enough to sign off an enterprise solution on...

      Check out these links for more details...
      PHP-Dev Mailing list discussion
      Discussion on PHP buglist
      as well as a more tongue-in-cheek reply...

      --
      "Go to CNN [for a] spell-checked, fact-checked summary" -- CmdrTaco
  2. Re:Hold yer horses... by afay · · Score: 4, Informative

    Well, here is a list of new features. Whether or not those features are worth the upgrade hassle is up to you.

    --
    Best slashdot comment
  3. A couple of responses by redwoodtree · · Score: 5, Informative

    First of all, to the people who wonder what's so great about Apache 2.x you should take some time to understand that Apache 2 is a completely new way of thinking about the HTTP server paradigm. Apache 2.x is now no longer simply an HTTP server but a protocol server that can serve anything you can write, FTP, SMTP whatever. In fact Apache 2.x FTP server has been darn stable.

    Besides the threaded model and the above paradigm shift, there is also the great improvements in the build system, the API and IPv6 support. You can read all about it here: New Features 2.0 . Do yourself a favor and start learning Apache 2.x now, you will not regret it down the line.

    Finally, I believe that with the 2.0.50 release the contributors have solved some of the most serious bugs and have delivered one of the most stable releases of Apache to date. Of course time will tell if there are significant bugs, I wouldn't go upgrading your production environment tomorrow. But the folks there have worked really hard on the big bugs and I have to give them a big thank you.

    The full change list is here: Changes 2.0.50 . They have fixed a very serious stderr bug, several annoying ldap bugs, addressed various other security and performance issues and generally done a great job.

    Way to go folks. Thank you!!!