January 20, 2008
19 January 2008 - Apache HTTP Server 2.0.63 (2.2.8, 1.3.41) Released
Apache HTTP Server 2.0.63 Released
The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the legacy release of version 2.0.63 of the Apache HTTP Server ("Apache"). This Announcement notes the significant changes in 2.0.63 as compared to 2.0.61 (2.0.62 was not released). This Announcement 2.0 document may also be available in multiple languages at:
http://www.apache.org/dist/httpd/
This version of Apache is principally a bug and security fix release. The following potential security flaws are addressed:
- CVE-2007-6388 (cve.mitre.org)
mod_status: Ensure refresh parameter is numeric to prevent a possible XSS attack caused by redirecting to other URLs. Reported by SecurityReason.
A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.
- CVE-2007-5000 (cve.mitre.org)
mod_imagemap: Fix a cross-site scripting issue. Reported by JPCERT.
A flaw was found in the mod_imap module. On sites where mod_imap is enabled and an imagemap file is publicly available, a cross-site scripting attack is possible.
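The mod_status item above describes its fix as ensuring the refresh parameter is numeric. The following is an added example, not code from the Apache HTTP Server source or from this announcement: it sets a pass-through handling of such a parameter beside a strictly numeric one. The function names, the `REFRESH_MAX` bound and the sample inputs are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical upper bound on the refresh interval, in seconds (assumption). */
#define REFRESH_MAX 86400L

/* "Before" form: the raw parameter is copied into the header value, so
 * anything after the digits (for example a url= attribute) goes with it. */
int refresh_header_unchecked(const char *param, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s", param);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* "After" form: accept only a run of ASCII digits within range, then emit
 * the parsed number rather than the caller's bytes. Returns 0 on success,
 * -1 when the parameter is rejected. */
int refresh_header_numeric(const char *param, char *out, size_t outlen)
{
    char *end;
    long secs;
    int n;

    if (param == NULL || !isdigit((unsigned char)param[0]))
        return -1;              /* empty, signed, or leading whitespace */
    errno = 0;
    secs = strtol(param, &end, 10);
    if (errno == ERANGE || *end != '\0' || secs < 1 || secs > REFRESH_MAX)
        return -1;              /* overflow, trailing bytes, out of range */
    n = snprintf(out, outlen, "%ld", secs);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any advisory. */
    const char *samples[] = { "5", "0005", "5;url=http://example.invalid/", "-1", "" };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int ok = refresh_header_numeric(samples[i], buf, sizeof buf);
        printf("%-32s -> %s\n", samples[i], ok == 0 ? buf : "(rejected)");
    }
    return 0;
}
```

Writing the parsed number back out, rather than the bytes the client sent, means the header value can only ever contain digits.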
Please see the CHANGES_2.0.63 file in this directory for a full list of changes for this version.
This release is compatible with modules compiled for 2.0.42 and later versions. We consider this release to be the best version of Apache 2.0 available and encourage users of all prior versions to upgrade.
This release includes the Apache Portable Runtime library suite release version 0.9.17, bundled with the tar and zip distributions. These libraries (libapr, libaprutil, and on Win32, libapriconv) must all be updated to ensure binary compatibility and address many known platform bugs.
Apache HTTP Server 2.0.63 is available for download from
http://httpd.apache.org/download.cgi
Please see the CHANGES_2.0 file, linked from the above page, for a full list of changes. A condensed list, CHANGES_2.0.63, provides the complete list of changes since 2.0.61.
Apache 2.0 offers numerous enhancements, improvements, and performance boosts over the 1.3 codebase. For an overview of new features introduced after 1.3 please see
http://httpd.apache.org/docs/2.0/new_features_2_0.html
When upgrading or installing this version of Apache, please keep in mind the following: If you intend to use Apache with one of the threaded MPMs, you must ensure that the modules (and the libraries they depend on) that you will be using are thread-safe. Please refer to the documentation of these modules and libraries to obtain this information.
Apache 2.2 offers numerous enhancements, improvements, and performance boosts over the 2.0 codebase. For an overview of new features introduced after 2.0 please see
http://httpd.apache.org/docs/2.2/new_features_2_2.html
We consider Apache 2.2 to be the best available version at the time of this release. We offer Apache 2.0.63 as the best legacy version of Apache 2.0 available. Users should first consider upgrading to the current release of Apache 2.2 instead.
----
-- The Apache Software Foundation and The Apache HTTP Server Project
----
Posted by Tetsuya Kitahata at January 20, 2008 12:43 AM
Project Info -- Apache HTTP Server
The Apache HTTP Server is an open-source HTTP server for modern operating systems including UNIX, MS-Windows, Macintosh and Netware. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Apache has been the most popular web server on the Internet since April of 1996.
Releases can be downloaded from http://httpd.apache.org/download.cgi
Project Website: http://httpd.apache.org/
Programming Languages: C
Categories: network-server, http, httpd-module
Mailing Lists: http://httpd.apache.org/lists.html
Bug/Issue Tracker: http://httpd.apache.org/bug_report.html
Project Management Committee: Apache HTTP Server
Access to the source code:
Browse: http://svn.apache.org/viewcvs.cgi/httpd/httpd/
SVN Direct: http://svn.apache.org/repos/asf/httpd/httpd/

