Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Apache Software

Apache 2.0.45 Released 35

Posted by michael from the better-than-okra dept.
thx2001r writes "Well, it's no longer April 1st across the contiguous United States, so the coast is clear to say Apache 2.0.45 is released. This version contains two important security fixes and a number of bug fixes. The security fixes affect all platforms and versions of Apache 2.0.x up until this update with some special caveats for the 2.0.45 OS/2 release. It looks like the first security vulnerability addressed in this eighth public release of the Apache 2.0.x series is having its details witheld until April 8th. This is being called "a significant Denial of Service vulnerability" for Apache 2.0.x by the ASF."
This discussion has been archived. No new comments can be posted.

Apache 2.0.45 Released More

Apache 2.0.45 Released

Comments Filter:

  • Soo... When can NT users use this? (Score:3, Interesting)

    by Eneff ( 96967 ) on Wednesday April 02, 2003 @10:49AM (#5644607)
    I mean, when will SSL support be ported for Apache 2?

    Last time I tried to compile SSL support from scratch it was a nightmare of errors...
    • when will SSL support be ported for Apache 2?
      FYI, SSL support is builtin (apache.org) [apache.org] now.

    • Re:Soo... When can NT users use this? (Score:5, Informative)

      by thx2001r ( 635969 ) on Wednesday April 02, 2003 @01:59PM (#5646012) Homepage

      Well, I've been using Apache 2.0.x Mod_SSL OpenSSL since, Apache 2.0.35, on Windows NT 5 (Win2k). Get a compiler the instructions are available publicly.

      The only reason it is not pre-compiled for binary release (win32) with OpenSSL by Apache Group is legal concerns over strong encryption:

      "This version is only available at present in a -no_ssl flavor, due to ongoing questions of strong crypto redistribution. When a binary build with mod_ssl compiled in is made available, the -no_ssl flavor will remain as an option for those in jurisdictions that restrict ssl encryption, as well as those T8 prohibited from downloading from the ASF's US-based servers." Source: [apache.org]

      Apache 2.0.44 and the latest OpenSSL 0.9.7a were, well, a bit of a challenge to compile, but it's done (and that was mostly to do with OpenSSL 0.9.7a). Now on to 2.0.45!

      • Update: In Win32, the compiled 2.0.44 mod_ssl.so (DSO) works just fine with the Apache Group 2.0.45 MSI installer package. Just add the DSO, your conf file(s), OpenSSL keys, and you're good to go!

        Looks like the API is actually remaining stable (as advertised) at least in Win32, in mod_ssl! Way to go Apache Group!!!

  • PHP4 with Apache2? (Score:2, Interesting)

    by shagymoe ( 261297 )
    Anyone know if it is safe to stick my php4 toe in the Apache2 water? I've heard some bad stories about php4 with Apache2 so I'm sticking with 1.3.27 right now with php4.3.1.

    • Re:PHP4 with Apache2? (Score:4, Informative)

      by bodgit ( 658527 ) on Wednesday April 02, 2003 @02:04PM (#5646064)
      I've been running PHP 4.2.3 with Apache 2.0.43+ and there haven't been any problems so far. I've kept the PHP options to a minimum to get Horde [horde.org]/Imp [horde.org] working, so there may be some adventurous settings that will still cause problems.

    • PHP4 with Apache2: YES! (Score:4, Informative)

      by dananderson ( 1880 ) on Wednesday April 02, 2003 @02:17PM (#5646204) Homepage
      Most problems seem to be caused by those who use the Apache MT model with thread-unsafe libraries that PHP may link in.

      Stick with the classic (Apache 1.x) prefork MPM model and you'll be a lot safer. YMMV.

      I have a writeup on using PHP with Apache 2 at http://dan.drydog.com/apache2php.html [drydog.com]

    • Re:PHP4 with Apache2? (Score:4, Informative)

      by Malcolm Scott ( 567157 ) on Wednesday April 02, 2003 @02:45PM (#5646444) Homepage
      I've been using Apache 2.0.44 with PHP 4.3.1 for a while on a Gentoo-based server, and I've had no problem at all. Works like a treat.

      The PHP team needed to do a bit of code tweaking to make PHP fit into the Apache 2 module format (APXS2) - so initially, as you say, PHP support for Apache 2 was very bad/nonexistant. But that work has been completed AFAIK, so any recent PHP version should work fine with Apache 2.
    • I'm running Apache 2.0.44 w/ PHP 4.3.0 on Windows XP Pro and have not had any problems. with it. When I first set it up, I had some random crashes, but that turned out to be my software firewall. Since I've uninstalled it, no problems.
    • Actually, yes. mod_php even works quite well. Been running our company web server on Apache2/PHP4/mod_php for a little over a year now, with _zero_ problems. Current setup is Apache 2.0.44/PHP4.3.1/mod_php.
    • It's fine... i have been using php4.x(aip) and Apache2.x for half a year now on multiple OS(RH8, winXP(home), win2k(Server))... works like a charm.... ocazinal problem if you like me DLing the lates versions... the configuration use to be triky but now they got it worked out...
  • Hmm, just a DOS vulnerability.

    To upgrade my 2.0.44 box, I'll have to bring it down... So it's better to wait for the first attack and when it stops, upgrade it. It will be down only once then.

    Maybe i'll compile the 45 version, and install it automatically when the current httpd exits...
  • Last I tried, PHP4 (4.3.0 i think it was) on Apache 2.0.43 did not support the XML compliant way of jumping into the PHP interpreter (ie. "", rather than the more common way "?php". Has anyone else noticed this issue?
  • Last I tried, PHP4 (4.3.0 i think it was) on Apache 2.0.43 did not support the XML compliant way of jumping into the PHP interpreter (ie. "SCRIPT LANGUAGE="PHP", rather than the more common way "?php". Has anyone else noticed this issue?

Slashdot Top Deals

To the landlord belongs the doorknobs.

Close