Het ontwikkelteam van het Apache HTTP Server Project heeft een nieuwe versie van de Apache-webserver uitgegeven. Deze server, die op veel platformen wordt gebruikt, is met behulp van modules van allerlei extra functies te voorzien. De nieuwe versie draagt het volgnummer 2.2.13 en is voorzien van de volgende aankondiging en lijst met aanpassingen:
The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.13 of the Apache HTTP Server ("Apache"). This version of Apache is principally a security and bug fix release. Notably, this version bundles the APR Library version 1.3.8 and APR Utility Library version 1.3.9, which address a security concern which may be triggered by some third party modules. We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade.
Changes with Apache 2.2.13:
- SECURITY: CVE-2009-2412 (cve.mitre.org) Distributed with APR 1.3.8 and APR-util 1.3.9 to fix potential overflow in pools and rmm, where size alignment was taking place.
- mod_ssl, ab: improve compatibility with OpenSSL 1.0.0 betas. Report warnings compiling mod_ssl against OpenSSL to the httpd developers.
- mod_cgid: Do not add an empty argument when calling the CGI script. PR 46380
- Fix potential segfaults with use of the legacy ap_rputs() etc interfaces, in cases where an output filter fails. PR 36780.
:strip_exif()/i/1248859594.gif?f=thumbmedium)