Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apache 2.0.52 Released

Posted by timothy on from the it-escaped dept.

roly writes "Not long after 2.0.51 was released, Apache 2.0.52 has come out. It's primarily a bugfix release, fixing one security flaw that was introduced in 2.0.51. See the release announcement, and the changelog. Download it from a mirror."

4 of 16 comments (clear)

  1. Apache 2.0.52 fixes 2.0.51 security regression by dananderson · · Score: 3, Informative

    As I noted in the Apache 2.0.51 notice in /., this Apache 2.0.52 fixes a security regression from 2.0.51. You can also apply a 4-line patch to 2.0.51. Apache 2.0.52 works fine for me in production (been using it since yesterday on 2 systems).

    1. Re:Apache 2.0.52 fixes 2.0.51 security regression by Orbital+Sander · · Score: 3, Informative

      Do holes in the 1.3.x line not get discovered anymore because everyone is busy with 2.0.x?

      Many folks still run 1.3, and holes in that version tend to get fixed.

      --

      What Would the Fab Five Do?
    2. Re:Apache 2.0.52 fixes 2.0.51 security regression by roly · · Score: 2, Informative

      I still use 1.3.xx, as do many others. There was a hole found in 1.3.31 and older version to do with a buffer overflow in htpasswd that has been fixed in 1.3.32-dev. Proof that holes are still fixed.

      http://www.computec.ch/projekte/atk/plugins/plugin slist/Apache%20prior%201.3.32%20htpasswd%20buffer% 20overflow.plugin.html

      --
      "With Microsoft, you get Windows. With Linux, you get the full house" - unknown
  2. Apache security documentation by Anonymous Coward · · Score: 3, Informative


    http://www.cgisecurity.com/webservers/apache/