Apache 2.0.45 Released
thx2001r writes "Well, it's no longer April 1st across the contiguous United States, so the coast is clear to say Apache 2.0.45 is released. This version contains two important security fixes and a number of bug fixes. The security fixes affect all platforms and versions of Apache 2.0.x up until this update with some special caveats for the 2.0.45 OS/2 release. It looks like the first security vulnerability addressed in this eighth public release of the Apache 2.0.x series is having its details withheld until April 8th. This is being called "a significant Denial of Service vulnerability" for Apache 2.0.x by the ASF."
Soo... When can NT users use this? (Score:3, Interesting)
Last time I tried to compile SSL support from scratch it was a nightmare of errors...
Re:Soo... When can NT users use this? (Score:5, Informative)
Re:Soo... When can NT users use this? (Score:5, Informative)
Well, I've been using Apache 2.0.x Mod_SSL OpenSSL since Apache 2.0.35, on Windows NT 5 (Win2k). Get a compiler; the instructions are available publicly.
The only reason it is not pre-compiled for binary release (win32) with OpenSSL by Apache Group is legal concerns over strong encryption:
"This version is only available at present in a -no_ssl flavor, due to ongoing questions of strong crypto redistribution. When a binary build with mod_ssl compiled in is made available, the -no_ssl flavor will remain as an option for those in jurisdictions that restrict ssl encryption, as well as those T8 prohibited from downloading from the ASF's US-based servers." Source: [apache.org]
Apache 2.0.44 and the latest OpenSSL 0.9.7a were, well, a bit of a challenge to compile, but it's done (and that was mostly to do with OpenSSL 0.9.7a). Now on to 2.0.45!
Re:Soo... When can NT users use this? (Score:2, Interesting)
Looks like the API is actually remaining stable (as advertised) at least in Win32, in mod_ssl! Way to go Apache Group!!!
PHP4 with Apache2? (Score:2, Interesting)
Re:PHP4 with Apache2? (Score:4, Informative)
PHP4 with Apache2: YES! (Score:4, Informative)
Stick with the classic (Apache 1.x) prefork MPM model and you'll be a lot safer. YMMV.
I have a writeup on using PHP with Apache 2 at http://dan.drydog.com/apache2php.html [drydog.com]
Re:PHP4 with Apache2? (Score:4, Informative)
The PHP team needed to do a bit of code tweaking to make PHP fit into the Apache 2 module format (APXS2) - so initially, as you say, PHP support for Apache 2 was very bad/nonexistent. But that work has been completed AFAIK, so any recent PHP version should work fine with Apache 2.
Re:PHP4 with Apache2? (Score:2)
Re:PHP4 with Apache2? (Score:2)
Re:PHP4 with Apache2? (Score:1)
When they bring it down (Score:1)
To upgrade my 2.0.44 box, I'll have to bring it down... So it's better to wait for the first attack and when it stops, upgrade it. It will be down only once then.
Maybe I'll compile the 45 version, and install it automatically when the current httpd exits...
Re:Damnit! (Score:1)
I used the compiled mod_ssl from 2.0.44 on 2.0.45... this is on the Win2k Apache. In this case, mod_ssl 2.0.44 openssl 0.9.7a win32.
It looks like the modules really DON'T have to be recompiled all the time... hopefully, the vulnerabilities don't extend to the mod_ssl 2.0.44 code as well... sigh.
Re:Damnit! (Score:1)
I assume you are referring to the new versions of OpenSSL released? I do not know for a fact that the OpenSSL release affects Mod_SSL releases, particularly since Mod_SSL for 2.0.x is related to ASF releases of Apache 2.0.x.
Someone please correct me if I'm drastically wrong here regarding Apache 2.0.x and Mod_SSL 2.0.x (and point me to t
PHP4 & Apache 2.0.43 not accepting tags (Score:1)
Apache 2.0.43 & php 4.3.0 not accepting SCRIPT (Score:1)