
Source: Apache Software Foundation, submitter: Spleasure

The development team of the Apache HTTP Server Project has released new versions of its HTTP server software in the 1.3, 2.0 and 2.2 series. This web server is used on many platforms and can be extended with all kinds of functionality through modules. For more information about the changes, see the separate announcements for versions 1.3.35, 2.0.58 and 2.2.2. For convenience, the changelogs of the three versions are listed below:

Changes with Apache 1.3.35
  • SECURITY: CVE-2005-3352 (cve.mitre.org) mod_imap: Escape untrusted referer header before outputting in HTML to avoid potential cross-site scripting. Change also made to ap_escape_html so we escape quotes. Reported by JPCERT.
  • core: Allow usage of the "Include" configuration directive within previously "Include"d files.
  • HTML-escape the Expect error message. Not classed as security as an attacker has no way to influence the Expect header a victim will send to a target site. Reported by Thiago Zaninotti.
  • mod_cgi: Remove block on OPTIONS method so that scripts can respond to OPTIONS directly rather than via server default.

Changes with Apache 2.0.58 since 2.0.55
  • SECURITY: CVE-2005-3357 (cve.mitre.org) mod_ssl: Fix a possible crash during access control checks if a non-SSL request is processed for an SSL vhost (such as the "HTTP request received on SSL port" error message when a 400 ErrorDocument is configured, or if using "SSLEngine optional"). PR 37791.
  • SECURITY: CVE-2005-3352 (cve.mitre.org) mod_imap: Escape untrusted referer header before outputting in HTML to avoid potential cross-site scripting. Change also made to ap_escape_html so we escape quotes. Reported by JPCERT.
  • Legal: Restored original years in copyright notices.
  • mod_cgid: run the get_suexec_identity hook within the request-handler instead of within cgid. PR 36410.
  • core: Prevent read of uninitialized memory in ap_rgetline_core. PR 39282.
  • mod_proxy: Report the proxy server name correctly in the "Via:" header, when UseCanonicalName is Off. PR 11971.
  • mod_isapi: Various trivial code-fixes to permit mod_isapi to load and run on Unix.
  • HTML-escape the Expect error message. Not classed as security as an attacker has no way to influence the Expect header a victim will send to a target site. Reported by Thiago Zaninotti.
  • Add APR/APR-Util Compiled and Runtime Version numbers to the output of 'httpd -V'.
  • Ensure that the proper status line is written to the client, fixing incorrect status lines caused by filters which modify r->status without resetting r->status_line, such as the built-in byterange filter.
  • Default handler: Don't return output filter apr_status_t values. PR 31759.
  • mod_speling: Stop crashing with certain non-file requests.
  • Keep the Content-Length header for a HEAD with no response body. PR 18757.
  • Modify apr[util] .h detection to avoid breakage on VPATH builds using Solaris make (among others) and avoid breakage in ./buildconf when srclib/apr[-util] are symlinks rather than directories proper.
  • Avoid server-driven negotiation when a CGI script has emitted an explicit "Status:" header. PR 38070.
  • mod_log_config now logs all Set-Cookie headers if the %{Set-Cookie}o format is used. PR 27787.
  • mod_cgid: Refuse to work on Solaris 10 due to OS bugs. PR 34264.
  • mod_cache: Correctly handle responses with a 301 status. PR 37347.
  • mod_proxy_http: Prevent data corruption of POST request bodies when client accesses proxied resources with SSL. PR 37145.
  • Eliminated the NET_TIME filter, restructuring the timeout logic. This provides a working mod_echo on all platforms, and ensures any custom protocol module is at least given an initial timeout value based on the context's Timeout directive.
  • mod_ssl: Correct issue where mod_ssl does not pick up the ssl-unclean-shutdown setting when configured. PR 34452.
  • Document the ReceiveBufferSize change done in r157583.
  • mod_deflate: Merge the Vary header, instead of Setting it. Fixes applications that send the Vary Header themselves. PR 37559.
  • mod_dav: Fix a null pointer dereference in an error code path during the handling of MKCOL.
  • mod_mime_magic: Handle CRLF-format magic files so that it works with the default installation on Windows.
  • Write message to error log if AuthGroupFile cannot be opened. PR 37566.
  • Add ReceiveBufferSize directive to control the TCP receive buffer.
  • mod_cache: Fix 'Vary: *' behavior to be RFC compliant. PR 16125.
  • Remove the base href tag from proxy_ftp, as it breaks relative links for clients not using an Authorization header.
  • http_request.c: Add missing va_end call.
  • Add httxt2dbm to support/ for creating RewriteMap DBM Files.
  • support/check_forensic: Fix temp file usage.
  • Chunk filter: Fix chunk filter to create correct chunks in the case that a flush bucket is surrounded by data buckets.
  • mod_cgi(d): Remove block on OPTIONS method so that scripts can respond to OPTIONS directly rather than via server default.
  • Added new module mod_version, which provides version dependent configuration containers.
  • Add core version query function (ap_get_server_revision) and accompanying ap_version_t structure (minor MMN bump).

Changes with Apache 2.2.2
  • mod_deflate: Work correctly in an internal redirect.
  • mod_proxy_balancer: Initialize members of a balancer correctly. PR 38227.
  • mod_proxy: Do not release connections from connection pool twice. PR 38793.
  • core: Prevent reading uninitialized memory while reading a line of protocol input. PR 39282.
  • mod_dbd: Update defaults, improve error reporting.
  • mod_dbd: Create own pool and mutex to avoid problem use of process pool in request processing.
  • HTML-escape the Expect error message. Not classed as security as an attacker has no way to influence the Expect header a victim will send to a target site. Reported by Thiago Zaninotti.
  • htdbm: Fix crash processing -d option in 64-bit mode on HP-UX.
  • htdbm: Warn the user when adding a plaintext password on a platform where it wouldn't work with the server (i.e., anywhere that has crypt()).
  • mod_proxy: Don't reuse a connection that may be to the wrong backend. PR 39253.
  • Default handler: Don't return output filter apr_status_t values. PR 31759.
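
The CVE-2005-3352 entries in the 1.3.35 and 2.0.58 changelogs above note that ap_escape_html was changed to escape quotes as well. The following C code is an added illustration, not Apache's code and not part of the original article: it uses a hypothetical `html_escape` helper and a constructed Referer value, and assumes the value is written into a double-quoted HTML attribute, to show why escaping only `<`, `>` and `&` is not enough there.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical helper, not Apache's ap_escape_html: returns a malloc'd copy of
 * s with HTML metacharacters replaced by entities. escape_quotes == 0 models
 * an escaper that leaves '"' untouched. */
char *html_escape(const char *s, int escape_quotes)
{
    size_t len = 0;
    for (const char *p = s; *p; p++) {
        if (*p == '<' || *p == '>') len += 4;             /* &lt; &gt; */
        else if (*p == '&') len += 5;                     /* &amp;     */
        else if (*p == '"' && escape_quotes) len += 6;    /* &quot;    */
        else len += 1;
    }
    char *out = malloc(len + 1), *o = out;
    if (!out) return NULL;
    for (const char *p = s; *p; p++) {
        const char *rep = NULL;
        if (*p == '<') rep = "&lt;";
        else if (*p == '>') rep = "&gt;";
        else if (*p == '&') rep = "&amp;";
        else if (*p == '"' && escape_quotes) rep = "&quot;";
        if (rep) { memcpy(o, rep, strlen(rep)); o += strlen(rep); }
        else *o++ = *p;
    }
    *o = '\0';
    return out;
}

/* Places the escaped value in href="..." and counts the raw '"' characters in
 * the markup. Exactly 2 means the value stayed inside the attribute. */
int raw_quotes_in_link(const char *referer, int escape_quotes)
{
    char buf[512];
    int n = 0;
    char *esc = html_escape(referer, escape_quotes);
    if (!esc) return -1;
    snprintf(buf, sizeof buf, "<a href=\"%s\">back</a>", esc);
    free(esc);
    for (const char *p = buf; *p; p++) n += (*p == '"');
    return n;
}

int main(void)
{
    const char *sample = "http://example.test/?q=\"x";   /* constructed input */
    printf("raw quotes: unescaped=%d escaped=%d\n",
           raw_quotes_in_link(sample, 0), raw_quotes_in_link(sample, 1));
    return 0;
}
```

A count above 2 means a quote from the header value closed the attribute early, which is the condition the quote-escaping change removes.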

Comments (13)

The only thing is that no Windows installer for version 2.2.2 can be found yet at http://apache.mirror.nedlinux.nl/dist/httpd/binaries/win32
The newest version there is 2.0.58.

By the way, this one works like a charm here locally :)
Does anyone know yet when I can download the Windows version of 2.2.2 or 2.0.85?
www.apachelounge.com for all your Windows binaries.
That is indeed a handy link. Couldn't Tweakers make a mirror of this version (2.2.2)?
I have actually just switched to Lighttpd (lighty) because Apache has such a horrendous amount of {updates/security fixes/configuration hell}...

I only run a few PHP/MySQL sites at home on a P3/256MB machine, and Lighty is really quite a lot faster there and takes up far less memory!

One and a half years after doing the benchmarks below I took my heart and benchmarked apache2 with the shipped highperformance.conf (no logs, no modules, enough processes) using the same benchmark as below.

Apache 2.0.x is a rewrite of Apache 1.3.x and should be a big performance improvement over the old code.

Really? Against Apache 1.3.x it is an improvement of 50% but lighttpd is still 2-3 times faster.


source
also just turns out to be a subjective interpretation of benchmarks

http://journal.paul.quern...unking-lighttpd?postid=82

just as subjective as this one.
and Lighty is really quite a lot faster there and takes up far less memory!
And how much faster exactly is your site now that it is served by Lighty?
Configuration hell ???

Hmm, then maybe you should look into it a bit more...

Lighttpd, by the way, in turn loses to litespeed in terms of performance and certainly in terms of features...
Why are three versions of this software being maintained?
Because 2.2 is brand new, most control panels only support 1.3, and 2.0 is used a lot by others. ;)
As far as I know you can also just run Apache 2.0 with most panels, in any case with Plesk and Directadmin.
