Make Homepage | Add To Favorites | Print Page | Submit News | Feedback | Contact | 

Your Technical Computer Information Resource!  

  Technical Updates @ TACKtech Corp.  

06.13.2008 - Apache Group: Apache HTTP Server 2.2.9

View Apache related news. The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.

  • SECURITY: CVE-2008-2364 ( mod_proxy_http: Better handling of excessive interim responses from origin server to prevent potential denial of service and high memory usage. Reported by Ryujiro Shibuya. [Ruediger Pluem, Joe Orton, Jim Jagielski]
  • SECURITY: CVE-2007-6420 ( mod_proxy_balancer: Prevent CSRF attacks against the balancer-manager interface.[Joe Orton]
  • core: Fix address-in-use startup failure on some platforms caused by creating an IPv4 listener which overlaps with an existing IPv6 listener.[Jeff Trawick]
  • mod_proxy: Make all proxy modules nocanon aware and do not add the query string again in this case. PR 44803. [Jim Jagielski, Ruediger Pluem]
  • mod_unique_id: Fix timestamp value in UNIQUE_ID. PR 37064 [Kobayashi ]
  • htpasswd: Fix salt generation weakness. PR 31440 [Andreas Krennmair , Peter Watkins , Paul Querna]
  • core: Add the filename of the configuration file to the warning message about the useless use of AllowOverride. PR 39992. [Darryl Miles ]
  • scoreboard: Remove unused proxy load balancer elements from scoreboard image (not scoreboard memory itself).[Chris Darroch]
  • mod_proxy: Support environment variable interpolation in reverse proxying directives. [Nick Kew]
  • suexec: When group is given as a numeric gid, validate it by looking up the actual group name such that the name can be used in log entries. PR 7862 [, Leif W ]
  • Fix garbled TRACE response on EBCDIC platforms. [David Jones ]
  • ab: Include earlier if available since we may need INT_MAX (defined there on Windows) for the definition of MAX_REQUESTS. PR 45024 [Ruediger Pluem]
  • ab: Improve client performance by clearing connection pool instead of destroying it. PR 40054 [Brad Roberts ]
  • ab: Don't stop sending a request if EAGAIN is returned, which will only happen if both the write and subsequent wait are returning EAGAIN, and count posted bytes correctly when the initial write of a request is not complete. PR 10038, 38861, 39679 [Patrick McManus , Stefan Fleiter , Davanum Srinivas, Roy T. Fielding]
  • ab: Overhaul stats collection and reporting to avoid integer truncation and time divisions within the test loop, retain native time resolution until output, remove unused data, consistently round milliseconds, and generally avoid losing accuracy of calculation due to type casts. PR 44878, 44931. [Roy T. Fielding]
  • ab: Add -r option to continue after socket receive errors. [Filip Hanik ]
  • core: Do not allow Options ALL if not all options are allowed to be overwritten. PR 44262 [Michal Grzedzicki ]
  • mod_cache: Handle If-Range correctly if the cached resource was stale. PR 44579 [Ruediger Pluem]
  • mod_proxy: Do not try a direct connection if the connection via a remote proxy failed before and the request has a request body. [Ruediger Pluem]
  • mod_proxy_ajp: Do not retry request in the case that we either failed to sent a part of the request body or if the request is not idempotent. PR 44334 [Ruediger Pluem]
  • mod_rewrite: Initialize hash needed by ap_register_rewrite_mapfunc early enough. PR 44641 [Daniel Lescohier ]
  • mod_dav: Return "method not allowed" if the destination URI of a WebDAV copy / move operation is no DAV resource. PR 44734 [Ruediger Pluem]
  • http_filters: Don't return 100-continue on redirects. PR 43711 [Ruediger Pluem]
  • mod_ssl: Fix a memory leak with connections that have zlib compression turned on. PR 44975 [Joe Orton, Amund Elstad , Dr Stephen Henson ]
  • mod_proxy: Trigger a retry by the client in the case we fail to read the response line from the backend by closing the connection to the client. PR 37770 [Ruediger Pluem]
  • gen_test_char: add double-quote to the list of T_HTTP_TOKEN_STOP. PR 9727 [Ville Skytt ]
  • core: reinstate location walk to fix config for subrequests PR 41960 [Jose Kahan ]
  • rotatelogs: Log the current file size and error code/description when failing to write to the log file.[Jeff Trawick]
  • rotatelogs: Added '-f' option to force rotatelogs to create the logfile as soon as started, and not wait until it reads the first entry. [Jim Jagielski]
  • rotatelogs: Don't leak memory when reopening the logfile. PR 40183 [Ruediger Pluem, Takashi Sato ]
  • rotatelogs: Improve atomicity when using -l and cleaup code. PR 44004 [Rainer Jung]
  • mod_authn_dbd: Disambiguate and tidy database authentication error messages.PR 43210.[Chris Darroch, Phil Endecott ]
  • mod_headers: Add 'merge' option to avoid duplicate values within the same header. [Chris Darroch]
  • mod_cgid: Explicitly set permissions of the socket (ScriptSock) shared by mod_cgid and request processing threads, for OS'es such as HPUX and AIX that do not use umask for AF_UNIX socket permissions. [Eric Covener, Jeff Trawick]
  • mod_cgid: Don't try to restart the daemon if it fails to initialize the socket.[Jeff Trawick]
  • mod_log_config: Add format options for %p so that the actual local or remote port can be logged.PR 43415.[Adam Hasselbalch Hansen , Ruediger Pluem, Jeff Trawick]
  • Added 'disablereuse' option for ProxyPass which, essentially, disables connection pooling for the backend servers. [Jim Jagielski]
  • mod_speling: remove regression from 1.3/2.0 behavior and drop dependency between mod_speling and AcceptPathInfo. PR 43562 [Jose Kahan ]
  • mod_substitute: The default is now flattening the buckets after each substitution. The newly added 'q' flag allows for the quicker, more efficient bucket-splitting if the user so desires. [Jim Jagielski]
  • http_filters: Don't spin if get an error when reading the next chunk. PR 44381 [Ruediger Pluem]
  • ab: Do not try to read non existing response bodies of HEAD requests. PR 34275 [Takashi Sato ]
  • ab: Use a 64 bit unsigned int instead of a signed long to count the bytes transferred to avoid integer overflows. PR 44346 [Ruediger Pluem]
  • ProxyPassReverse is now balancer aware. [Jim Jagielski]
  • mod_include: Correctly handle SSI directives split over multiple filter passes.PR 44447 [Harald Niesche ]
  • mod_cache: Revalidate cache entities which have Cache-Control: no-cache set in their response headers. PR 44511 [Ruediger Pluem]
  • mod_rewrite: Check all files used by DBM maps for freshness, mod_rewrite didn't pick up on updated sdbm maps due to this. PR41190 [Niklas Edmundsson]
  • mod_proxy: Lower memory consumption for short lived connections. PR 44026. [Ruediger Pluem]
  • mod_proxy: Keep connections to the backend persistent in the HTTPS case. [Ruediger Pluem]
  • Don't add bogus duplicate Content-Language entries PR 11035 [Davi Arnaut]
  • Worker / Event MPM: Fix race condition in pool recycling that leads to segmentation faults under load.PR 44402 [Basant Kumar Kukreja ]
  • mod_proxy_ftp: Fix base for directory listings. PR 27834 [Nick Kew]
  • mod_logio: Provide optional function to allow modules to adjust the bytes_in count [Eric Covener]
  • http_filters: Don't return 100-continue on client error PR 43711 [Chetan Reddy ]
  • mod_charset_lite: Add TranslateAllMimeTypes sub-option to CharsetOptions, allowing the administrator to skip the mimetype checking that precedes translation. PR 44458 [Eric Covener]
  • mod_proxy_http: Fix processing of chunked responses if Connection: Transfer-Encoding is set in the response of the proxied system. PR 44311 [Ruediger Pluem]
  • mod_proxy_http: Return HTTP status codes instead of apr_status_t values for errors encountered while forwarding the request body PR 44165 [Eric Covener]
  • mod_rewrite: Don't canonicalise URLs with [P,NE] PR 43319 []
- Download Apache HTTP Server
- View Release Notes
- View Additional Information
- Visit Apache Group

NID: 22426 / Submitted by: TACKtech Team
Categories: Internet Applications, Open Source, Server Applications
Most recent Apache related news.
Apache Group: Apache HTTP Server 1.3.42 (final release of 1.3.x)
Apache Group: Apache HTTP Server 2.2.11
Apache Group: Apache HTTP Server 2.2.10
Apache Group: Apache HTTP Server 2.2.9
Apache Group: Apache HTTP Server 1.3.41
View archive of Apache related news.
  Popular Tech News  
  Most Viewed News  
  Top Affiliates