Apache 1.3.23 Released

meheler writes "Looks like the Apache Group have released version 1.3.23 of their popular web server. Here's a link to the Official Announcement as well as where you can download it, and even view the ChangeLog."

(sigh) I feel like the Dunkin Donuts guy

[prisoner-of-enigma]

"It's time to roll Apache"...almost as good as "It's time to make the kernel".

What I want to know is why Apache 2.0 hasn't made anymore beta progress in the last month or two than it has. Mind you, it's coming along, but it seems to have been in beta a long, long time. How are they coming with it? The bug tracking list doesn't ever seem to shrink much.

Re:(sigh) I feel like the Dunkin Donuts guy

[DarkKnightRadick]

For real. Last I read on the Apache site, 1.3.22 was supposed to be the last 1.x release of Apache before they went full bore with 2.0. Come on Apache, fix me up with some 2.0 goodness!

Re:(sigh) I feel like the Dunkin Donuts guy

[cloudmaster]

There seem to be a lot of win32 changes recently - I wonder if they're trying to get the codebase more cross-platform stable before releasing a non-beta 2.0? Of course, there were almost no changes in the .22 release, so maybe this .23 is what should've been .22. :)

Re:(sigh) I feel like the Dunkin Donuts guy

[5alligator]

They want to make sure that code red works properly before they push 2.0 out the door.

Go apache!

Apache ports...

[Mixailo]

btw, what 'bout Apache ports for cygwin?

Re:Apache ports...

[DarkKnightRadick]

go here http://www.apache.org/dist/httpd/binaries/cygwin/ for the latest cygwin port of Apache. Doesn't look like there is much there, though.

Why would you want that?

[fireboy1919]

I was under the impression that Apache without Cygwin was faster, better, and more secure.

Why would you want to use the cygwin version?

CAN-2001-0731

[Anonymous Coward]

According to the ChangeLog, vulnerability CAN-2001-0731 is present in Apache 1.3.20, and fixed in 1.3.21. Has anyone managed to reproduce this vulnerability? If so, how? The examples given in the vulnerability report don't seem to work.

We use 1.3.20 at work. It works very well, and I don't want to upgrade unless I really have to, but this is a potentially bad security hole for us.

Just in case, I've disabled MultiViews for now. We'll have to turn it on again in a month or so, unless I can code up a fix for some of our instruments so that they no longer rely on it.

This is the link to CAN-2001-0731 [mitre.org]

-- Guges --

Re:CAN-2001-0731

[DarkKnightRadick]

I would go ahead and upgrade to 1.3.23

Any upgrade that fixes a security hole is an upgrade worth getting, IMHO, especially if security is an issue.