Apache News Online: 29 October 2003 - Apache HTTP Server 2.0.48 Released

« 27 October 2003 - Mod_python 3.1.2 Beta Released | Main | 29 October 2003 - Apache HTTP Server 1.3.29 Released »

October 29, 2003

29 October 2003 - Apache HTTP Server 2.0.48 Released

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the eleventh public release of the Apache 2.0 HTTP Server. This Announcement notes the significant changes in 2.0.48 as compared to 2.0.47.

This version of Apache is principally a bug fix release. A summary of the bug fixes is given at the end of this document. Of particular note is that 2.0.48 addresses two security vulnerabilities:

mod_cgid mishandling of CGI redirect paths could result in CGI output going to the wrong client when a threaded MPM is used.
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0789]

A buffer overflow could occur in mod_alias and mod_rewrite when a regular expression with more than 9 captures is configured.
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0542]

This release is compatible with modules compiled for 2.0.42 and later versions. We consider this release to be the best version of Apache available and encourage users of all prior versions to upgrade.

Apache 2.0.48 is available for download from
http://httpd.apache.org/download.cgi

Please see the CHANGES_2.0 file, linked from the above page, for a full list of changes.

Apache 2.0 offers numerous enhancements, improvements, and performance boosts over the 1.3 codebase. For an overview of new features introduced after 1.3 please see

http://httpd.apache.org/docs-2.0/new_features_2_0.html

When upgrading or installing this version of Apache, please keep in mind the following:
If you intend to use Apache with one of the threaded MPMs, you must ensure that the modules (and the libraries they depend on) that you will be using are thread-safe. Please contact the vendors of these modules to obtain this information.

For more information, see the Apache HTTP Server Project WebSite.

----

Project Info -- Apache HTTP Server
The Apache HTTP Server is an open-source HTTP server for modern operating systems including UNIX, MS-Windows, Macintosh and Netware. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Apache has been the most popular web server on the Internet since April of 1996.
Releases can be downloaded from http://httpd.apache.org/download.cgi
Project Website http://httpd.apache.org/
Programming Languages C
Categories network-server, http, httpd-module
Mailing Lists http://httpd.apache.org/lists.html
Bug/Issue Tracker http://httpd.apache.org/bug_report.html
Project Management Committee Apache HTTP Server
Access to the source code:
Browse http://svn.apache.org/viewcvs.cgi/httpd/httpd/
SVN Direct http://svn.apache.org/repos/asf/httpd/httpd/

Posted by Tetsuya Kitahata at October 29, 2003 04:14 AM
http://www.apachenews.org/archives/000037.html
[ Category : Apache HTTP ] (PDF)(XML)

Project Website	http://httpd.apache.org/
Programming Languages	C
Categories	network-server, http, httpd-module
Mailing Lists	http://httpd.apache.org/lists.html
Bug/Issue Tracker	http://httpd.apache.org/bug_report.html
Project Management Committee	Apache HTTP Server

Browse	http://svn.apache.org/viewcvs.cgi/httpd/httpd/
SVN Direct	http://svn.apache.org/repos/asf/httpd/httpd/