Cookies op Tweakers

Tweakers maakt gebruik van cookies, onder andere om de website te analyseren, het gebruiksgemak te vergroten en advertenties te tonen. Door gebruik te maken van deze website, of door op 'Ga verder' te klikken, geef je toestemming voor het gebruik van cookies. Je kunt ook een cookievrije versie van de website bezoeken met minder functionaliteit. Wil je meer informatie over cookies en hoe ze worden gebruikt, bekijk dan ons cookiebeleid.

Meer informatie

Door , , 11 reacties, 803 views •
Bron: Apache.org, submitter: BrZ

Naast Apache 1.3.29 is er ook een nieuwe versie uitgebracht van de 2.0-branche. In deze release wordt eveneens de bug opgelost die voor een buffer overflow kan zorgen in mod_alias en mod_rewrite. Daarnaast worden ook nog enkele schoonheidsfouten uit het programma gevist. De volgende veranderingen zijn van toepassing op 2.0.48:

Apache 2.0.48 Major changes
    Security vulnerabilities closed since Apache 2.0.47
    • SECURITY [CAN-2003-0789]: mod_cgid: Resolve some mishandling of the AF_UNIX socket used to communicate with the cgid daemon and the CGI script. [Jeff Trawick]
    • SECURITY [CAN-2003-0542]: Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures. [André Malo]
    Bugs fixed and features added since Apache 2.0.47
    • mod_include: fix segfault which occured if the filename was not set, for example, when processing some error conditions. PR 23836. [Brian Akins , André Malo]
    • fix the config parser to support .. containers (no arguments in the opening tag) supported by httpd 1.3. Without this change mod_perl 2.0's sections are broken. ["Philippe M. Chiasson" ]
    • mod_cgid: fix a hash table corruption problem which could result in the wrong script being cleaned up at the end of a request. [Jeff Trawick]
    • Update httpd-*.conf to be clearer in describing the connection between AddType and AddEncoding for defining the meaning of compressed file extensions. [Roy Fielding]
    • mod_rewrite: Don't die silently when failing to open RewriteLogs. PR 23416. [André Malo]
    • mod_rewrite: Fix mod_rewrite's support of the [P] option to send rewritten request using "proxy:". The code was adding multiple "proxy:" fields in the rewritten URI. PR: 13946. [Eider Oliveira ]
    • cache_util: Fix ap_check_cache_freshness to check max_age, smax_age, and expires as directed in RFC 2616. [Thomas Castelle ]
    • Ensure that ssl-std.conf is generated at configure time, and switch to using the expanded config variables to work the same as httpd-std.conf PR: 19611 [Thom May]
    • mod_ssl: Fix segfaults after renegotiation failure. PR 21370 [Hartmut Keil ]
    • mod_autoindex: If a directory contains a file listed in the DirectoryIndex directive, the folder icon is no longer replaced by the icon of that file. PR 9587. [David Shane Holden ]
    • Fixed mod_usertrack to not get false positive matches on the user-tracking cookie's name. PR 16661. [Manni Wood ]
    • mod_cache: Fix the cache code so that responses can be cached if they have an Expires header but no Etag or Last-Modified headers. PR 23130. [bjorn@exoweb.net]
    • mod_log_config: Fix %b log format to write really "-" when 0 bytes were sent (e.g. with 304 or 204 response codes). [Astrid Keßler]
    • Modify ap_get_client_block() to note if it has seen EOS. [Justin Erenkrantz]
    • Fix a bug, where mod_deflate sometimes unconditionally compressed the content if the Accept-Encoding header contained only other tokens than "gzip" (such as "deflate"). PR 21523. [Joe Orton, André Malo]
    • Avoid an infinite recursion, which occured if the name of an included config file or directory contained a wildcard character. PR 22194. [André Malo]
    • mod_ssl: Fix a problem setting variables that represent the client certificate chain. PR 21371 [Jeff Trawick]
    • Unix: Handle permissions settings for flock-based mutexes in unixd_set_global|proc_mutex_perms(). Allow the functions to be called for any type of mutex. PR 20312 [Jeff Trawick]
    • ab: Work over non-loopback on Unix again. PR 21495. [Jeff Trawick]
    • Fix a misleading message from the some of the threaded MPMs when MaxClients has to be lowered due to the setting of ServerLimit. [Jeff Trawick]
    • Lower the severity of the "listener thread didn't exit" message to debug, as it is of interest only to developers. PR 9011 [Jeff Trawick]
    • MPMs: The bucket brigades subsystem now honors the MaxMemFree setting. [Cliff Woolley, Jean-Jacques Clar]
    • Install config.nice into the build/ directory to make minor version upgrades easier. [Joshua Slive]
    • Fix mod_deflate so that it does not call deflate() without checking first whether it has something to deflate. (Currently this causes deflate to generate a fatal error according to the zlib spec.) PR 22259. [Stas Bekman]
    • mod_ssl: Fix FakeBasicAuth for subrequest. Log an error when an identity spoof is encountered. [Sander Striker]
    • mod_rewrite: Ignore RewriteRules in .htaccess files if the directory containing the .htaccess file is requested without a trailing slash. PR 20195. [André Malo]
    • ab: Overlong credentials given via command line no longer clobber the buffer. [André Malo]
    • mod_deflate: Don't attempt to hold all of the response until we're done. [Justin Erenkrantz]
    • Assure that we block properly when reading input bodies with SSL. PR 19242. [David Deaves , William Rowe]
    • Update mime.types to include latest IANA and W3C types. [Roy Fielding]
    • mod_ext_filter: Set additional environment variables for use by the external filter. PR 20944. [Andrew Ho, Jeff Trawick]
    • Fix buildconf errors when libtool version changes. [Jeff Trawick]
    • Remember an authenticated user during internal redirects if the redirection target is not access protected and pass it to scripts using the REDIRECT_REMOTE_USER environment variable. PR 10678, 11602. [André Malo]
    • mod_include: Fix a trio of bugs that would cause various unusual sequences of parsed bytes to omit portions of the output stream. PR 21095. [Ron Park , André Malo, Cliff Woolley]
    • Update the header token parsing code to allow LWS between the token word and the ':' seperator. [PR 16520] [Kris Verbeeck , Nicel KM ]
    • Eliminate creation of a temporary table in ap_get_mime_headers_core() [Joe Schaefer ]
    • Added FreeBSD directory layout. PR 21100. [Sander Holthaus , André Malo]
    • Fix NULL-pointer issue in ab when parsing an incomplete or non-HTTP response. PR 21085. [Glenn Nielsen , André Malo]
    • mod_rewrite: Perform child initialization on the rewrite log lock. This fixes a log corruption issue when flock-based serialization is used (e.g., FreeBSD). [Jeff Trawick]
    • Don't respect the Server header field as set by modules and CGIs. As with 1.3, for proxy requests any such field is from the origin server; otherwise it will have our server info as controlled by the ServerTokens directive. [Jeff Trawick]
    [break]De update is beschikbaar voor de volgende OS'en:
    *MacOS X Darwin
    *MacOS X
    *Novell Netware
    *Windows 9x/Me/2k/XP
    *Linux x86

Reacties (11)

Reactiefilter:-111011+18+25+30
Moderatie-faq Wijzig weergave
Even een paar opmerkingen:
* Apache httpd wordt niet onder de GNU GPL uitgebracht, maar onder de Apache Software License, een op de BSD/X11 gelijkende licentie. (Hebben de nieuwsposters hun huiswerk wel goed gedaan, of staat open source bij Tweakers gelijk aan GPL? - ik heb eenzelfde fout al eens eerder bij het berichten over een nieuwe Mozilla release gezien...)
* PHP is wel een project van de 'Apache Software Foundation'
* PHP is wel een project van de 'Apache Software Foundation'

Nee, de php invoeg module wel :P
Kijk eerst eens op de site van Apache zelf voor je wat zegt. PHP is een project van de ASF. Dat het een eigen site heeft doet daar niets aan af.
dat linux en andere unix(-like) OS-en er niet bij staan, betekend dat ie daar niet voor gereleased is?
PHP is niet van de Apache group.
PHP is tegenwoordig wel degelijk een Apache foundation project, kijk maar in deze lijst:

http://apache.org/foundation/projects.html
Apache.org released er flink op los (PHP 4.3.4RC2, PHP 5.0 beta 2, en 2x Apache).

Ik zal binnenkort gaan testen met 2.0.48 + PHP 5.0, eens kijken of dat goed werkt.
PHP is niet van apache.org ;)

overbodig?
yeah right :(
Gister gelijk ff geupgrade van 2.0.48 naar 2.0.49
Gelijk werken en zo moet het ook.

Op dit item kan niet meer gereageerd worden.



HTC One (M9) Samsung Galaxy S6 Grand Theft Auto V Microsoft Windows 10 Apple iPad Air 2 FIFA 15 Motorola Nexus 6 Apple iPhone 6

© 1998 - 2015 de Persgroep Online Services B.V. Tweakers vormt samen met o.a. Autotrack en Carsom.nl de Persgroep Online Services B.V. Hosting door True