October 18, 2005
18 October 2005 - Apache HTTP Server 1.3.34 Released
The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 1.3.34 of the Apache HTTP Server ("Apache"). This Announcement notes the significant changes in 1.3.34 as compared to 1.3.33. This Announcement1.3 document may also be available in multiple languages at:
This version of Apache is principally a bug and security fix release. A partial summary of the bug fixes is given at the end of this document. A full listing of changes can be found in the CHANGES file. Of particular note is that 1.3.34 addresses and fixes 2 potential security issues:
- If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks.
- Added TraceEnable [on|off|extended] per-server directive to alter the behavior of the TRACE method.
We consider Apache 1.3.34 to be the best version of Apache 1.3 available and we strongly recommend that users of older versions, especially of the 1.1.x and 1.2.x family, upgrade as soon as possible. No further releases will be made in the 1.2.x family.
Apache 1.3.34 is available for download from
Binary distributions are available from
This service utilizes the network of mirrors listed at:
Please see the CHANGES_1.3 file in the same directory for a full list of changes.
As of Apache 1.3.12 binary distributions contain all standard Apache modules as shared objects (if supported by the platform) and include full source code. Installation is easily done by executing the included install script. See the README.bindist and INSTALL.bindist files for a complete explanation. Please note that the binary distributions are only provided for your convenience and current distributions for specific platforms are not always available. Win32 binary distributions are based on the Microsoft Installer (.MSI) technology. While development continues to make this installation method more robust, questions should be directed to the news:comp.infosystems.www.servers.ms-windows newsgroup.
For an overview of new features introduced after 1.2 please see
- http://httpd.apache.org/docs/new_features_1_3.html
In general, Apache 1.3 offers several substantial improvements over version 1.2, including better performance, reliability and a wider range of supported platforms, including Windows 95/98 and NT (which fall under the "Win32" label), OS2, Netware, and TPE threaded platforms.
IMPORTANT NOTE FOR APACHE USERS: Apache 1.3 was designed for Unix OS variants. While the ports to non-Unix platforms (such as Win32, Netware or OS2) are of an acceptable quality, Apache 1.3 is not optimized for these platforms. Security, stability, or performance issues on these non-Unix ports do not generally apply to the Unix version, due to software's Unix origin.
Apache 2.0 has been structured for multiple operating systems from its inception, by introducing the Apache Portability Library and MPM modules. Users on Unix and non-Unix platforms are strongly encouraged to move up to Apache 2.0 for better performance, stability and security on their platforms. We consider Apache 2.0.55 to be the best available version at the time of this release. We offer Apache 1.3.34 as the best legacy version of Apache 1.3 available, and strongly recommend that users who require compatibility with existing Apache 1.3 installations should upgrade as soon as possible. Users should first consider upgrading to the current release of Apache 2 instead.
Apache is the most popular web server in the known universe; over half of the servers on the Internet are running Apache or one of its variants.
Apache 1.3.34 Major changes
Security vulnerabilities
The main security vulnerabilities addressed in 1.3.34 are:
- If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating some HTTP Request Splitting/Spoofing attacks.
- Added TraceEnable [on|off|extended] per-server directive to alter the behavior of the TRACE method.
New features
New features that relate to specific platforms:
- None
New features that relate to specific platforms:
- None
Bugs fixed
The following bugs were found in Apache 1.3.33 (or earlier) and have been fixed in Apache 1.3.34:
hsregex: Fix potential core dumping on 64 bit machines, such as AMD64. PR 31858.mod_digest: Fix another nonce string calculation issue.
----
-- The Apache HTTP Server Project
----
Product Info |
|
| TLP (Top Level Project) Name | Apache HTTP Server Project |
The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server software product for various modern desktop and server operating systems. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. |
|
| Product Name | Apache HTTP Server 1.x |
The Apache HTTP Server is an open-source HTTP server for modern operating systems including UNIX, MS-Windows, Macintosh and Netware. Apache has been the most popular web server on the Internet since April of 1996 |
|
| Downloads | http://httpd.apache.org/download.cgi |
| Bug Tracking | http://httpd.apache.org/bug_report.html |
| License | Apache License Version 2.0 |
Posted by Tetsuya Kitahata at October 18, 2005 07:03 PMProject Info -- Apache HTTP Server
The Apache HTTP Server is an open-source HTTP server for modern operating systems including UNIX, MS-Windows, Macintosh and Netware. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Apache has been the most popular web server on the Internet since April of 1996.
Releases can be downloaded from http://httpd.apache.org/download.cgi
Project Website http://httpd.apache.org/ Programming Languages C Categories network-server, http, httpd-module Mailing Lists http://httpd.apache.org/lists.html Bug/Issue Tracker http://httpd.apache.org/bug_report.html Project Management Committee Apache HTTP Server Access to the source code:
Browse http://svn.apache.org/viewcvs.cgi/httpd/httpd/ SVN Direct http://svn.apache.org/repos/asf/httpd/httpd/
http://www.apachenews.org/archives/000768.html
[ Category : Apache HTTP ] (PDF)(XML)
