Security vulnerabilities closed since Apache 2.0.42
Fixed the security vulnerability noted in CAN-2002-0840 (cve.mitre.org) regarding a cross-site scripting vulnerability in the default error page when using wildcard DNS. Prevent POST requests for CGI scripts from serving the source code when DAV is enabled on the location.
Bugs fixed since Apache 2.0.42
Fixed a core dump in mod_cache when it attemtped to store uncopyable buckets, such as a file containing SSI tags to execute a CGI script. Ensured that output already available is flushed to the network to help some streaming CGIs and other dynamically-generated content. Fixed a mutex problem in mod_ssl dbm session cache support. Allow the UserDir directive to accept a list of directories, as in 1.3. Changed SuExec to use the same default directory as the rest of the server, e.g. /usr/local/apache2. Retry connections with mod_auth_ldap on LDAP_SERVER_DOWN errors. Pass the WWW-Authenticate header on a 4xx responses from the proxy. Fixed mod_cache's CacheMaxStreamingBuffer directive within virtual hosts. Add -p option to apxs to allow programs to be compiled with apxs.