Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apache 2.0.52 Released

Posted by timothy on from the it-escaped dept.

roly writes "Not long after 2.0.51 was released, Apache 2.0.52 has come out. It's primarily a bugfix release, fixing one security flaw that was introduced in 2.0.51. See the release announcement, and the changelog. Download it from a mirror."

1 of 16 comments (clear)

  1. Re:patch vs. upgrade by Medievalist · · Score: 3, Interesting

    Yeah, you need to do extra paperwork in such situations, so it might be less work to just up-rev.

    I frequently hack infrastructure software (like sendmail, bind and apache) to report incorrect version numbers, because that way the crackers always start out by trying attacks that don't work and are easily detected.

    Every time I see some buffoon trying an old sendmail trick I blackhole their IP at the edge router. I hope to eventually set up a tarpit and mire the losers in that, but for now I just discard their packets.

    I have to have all this documented because the auditors always telnet to port 25 and write down whatever they see, so they get all excited and think they've found a security hole... it's funny to watch their faces when I produce the documentation of the real versions of the software, and they realize they've been had!