Apache 1.3.33 Released
harmgsn writes "Following the release of Apache 1.3.32, the Apache Group released Apache 1.3.33 to fix a security flaw in mod_include and in the Content-Length field. The official announcement is available as well as the ChangeLog for the 1.3.x series."
Second, Apache 2 supports things like DAV which mean that to publish information on the web users need less access than with Apache 1 (such as shell accounts or worse FTP, since most ISPs don't think users should use SSH for some odd reason).
Lastly, Apache 2 can run Subversion. So not only can you use DAV to update information without shell access of any kind but you can version that information too.
[*] Why is multi-threading faster than the pre-fork model of Apache 1? Because there is less work to do when context-switching threads. A thread shares the same virtual address space with other threads in the process. Changing virtual address spaces is slow because it requires a TLB flush (as well as one or more extra registers to save). The TLB flush increases memory accesses.
Apache 2.x is good enough for a large site such as sf.net, it is good enough for others.
Knuth is a freak of nature who spent eight years writing a program on his own, largely for his own edification and completely free of commercial pressure. Few others have that freakish ability, fewer still get to work on their pet project by themselves for that long before offering it to the world. So there are limits to how many lessons can be drawn from this very unusual example.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
No one uses Apache 2 in production. I guess all those sites don't have a clue about security.
Sure, no one has found any bugs in Knuth's TeX in years. Same for Qmail, and others.
Er, wrong. qmail has had a couple of security flaws, and more than a couple of bugs. For a more exhaustive list, Google is your friend.
Because it makes it easy to keep track of whether you're vulnerable or not. Because it makes it obvious something important changed. Because it allows them to release a couple of other patches as well.
It is worth noting that the Content-Length security problem is in mod_proxy, not in the main daemon.
See CAN-2004-0492 for details.
www.apache.org - Apache 2: ....
...
HTTP/1.1 200 OK
Date: Fri, 29 Oct 2004 09:17:14 GMT
Server: Apache/2.0.52 (Unix)
www.redhat.com - Unknown apache version:
HTTP/1.1 200 OK
Date: Fri, 29 Oct 2004 09:18:05 GMT
Server: Apache
www.cnn.com - Unknown apache version:
HTTP/1.1 200 OK
Date: Fri, 29 Oct 2004 09:18:45 GMT
Server: Apache
www.cnet.com - Apache 2:
HTTP/1.1 200 OK
Date: Fri, 29 Oct 2004 09:19:08 GMT
Server: Apache/2.0
www.bbc.co.uk - Apache 2:
HTTP/1.1 200 OK
Date: Fri, 29 Oct 2004 09:19:38 GMT
Server: Apache/2.0.51 (Unix)
us2.php.net - Apache 2:
HTTP/1.1 200 OK
Date: Fri, 29 Oct 2004 09:20:01 GMT
Server: Apache/2.0.46 (Unix) mod_perl/1.99_09 Perl/v5.8.0 mod_ssl/2.0.46 OpenSSL/0.9.6g DAV/2 FrontPage/5.0.2.2634 PHP/4.3.2 mod_gzip/2.0.26.1a
I guess a lot of people use Apache 2!
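An added example, not part of the thread: a version check over `Server` banners like the ones quoted above, flagging Apache 1.3.x releases older than 1.3.33. The two `.example` hosts and their banners are constructed, and a banner is only a hint, since it can hide the version or stay unchanged after a backported fix.

```python
import re

# Release the story says fixes the mod_include and Content-Length flaws.
FIXED_1_3 = (1, 3, 33)

# Server header values quoted in the comment above, plus two constructed
# 1.3.x banners (the .example hosts) to exercise the comparison.
SAMPLE_BANNERS = {
    "www.apache.org": "Apache/2.0.52 (Unix)",
    "www.redhat.com": "Apache",
    "www.cnet.com": "Apache/2.0",
    "us2.php.net": "Apache/2.0.46 (Unix) mod_perl/1.99_09 Perl/v5.8.0 "
                   "mod_ssl/2.0.46 OpenSSL/0.9.6g DAV/2 FrontPage/5.0.2.2634 "
                   "PHP/4.3.2 mod_gzip/2.0.26.1a",
    "old.example": "Apache/1.3.32 (Unix) mod_ssl/2.8.21",
    "patched.example": "Apache/1.3.33 (Unix)",
}

# First product token only: "Apache", optionally "/major[.minor[.patch]]".
_APACHE = re.compile(r"^Apache(?:/(\d+(?:\.\d+){0,2}))?(?:\s|$)")


def apache_version(server_header):
    """Tuple of ints, () if the version is hidden, None if not Apache."""
    m = _APACHE.match(server_header.strip())
    if m is None:
        return None
    if m.group(1) is None:
        return ()
    return tuple(int(part) for part in m.group(1).split("."))


def classify(server_header):
    """Map a Server header value to a coarse inventory label."""
    v = apache_version(server_header)
    if v is None:
        return "not-apache"
    if not v:
        return "apache-unknown-version"
    if v[:2] == (1, 3):
        if len(v) < 3:
            return "apache-1.3-unknown-patch"
        return "apache-1.3-needs-update" if v < FIXED_1_3 else "apache-1.3-current"
    return "apache-2" if v[0] == 2 else "apache-other"


if __name__ == "__main__":
    for host, banner in SAMPLE_BANNERS.items():
        print(f"{host:18} {classify(banner)}")
```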