Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
The Internet Software Apache

Apache 2.0.50 Released 40

Gruturo writes "The Apache Software Foundation just released version 2.0.50, which, apart from the usual incremental improvements and bug fixes, addresses security vulnerabilities such as CAN-2004-0493 (Memory leak which could lead to resource depletion == DoS) and CAN-2004-0488 (a mod_ssl buffer overflow). Be kind to their servers and use a mirror."
This discussion has been archived. No new comments can be posted.

Apache 2.0.50 Released

Comments Filter:
  • Safe to upgrade yet? (Score:1, Informative)

    by Anonymous Coward
    I'm still using 1.3.31. php working okay these days? How about php 5?
    • by a.koepke ( 688359 ) on Thursday July 01, 2004 @02:53AM (#9579289)
      I am using PHP 5 and works great. The trick is to compile Apache using the prefork MPM.

      Quote from http://httpd.apache.org/docs-2.0/mod/prefork.html [apache.org]

      This Multi-Processing Module (MPM) implements a non-threaded, pre-forking web server that handles requests in a manner similar to Apache 1.3. It is appropriate for sites that need to avoid threading for compatibility with non-thread-safe libraries. It is also the best MPM for isolating each request, so that a problem with a single request will not affect any other.

      Using Apache 2 in this method will make it work perfectly with PHP.
      • by Fweeky ( 41046 )
        A better trick is to compile PHP using the FastCGI SAPI and Apache 2 with the perfectly fine mod_fastcgi. Lets you spread PHP across machines, lets you jail/chroot PHP seperate from Apache, lets you run fewer copies of PHP (which also reduces database connections), and lets you change webserver or language with minimal impact on the other.

        And yes, mmcache and friends work fine in FastCGI mode.
    • PHP+Apache2 is "working OK"...

      Just not well enough to sign off an enterprise solution on...

      Check out these links for more details...
      PHP-Dev Mailing list discussion [theaimsgroup.com]
      Discussion on PHP buglist [php.net]
      as well as a more tongue-in-cheek reply... [php.net]
      • by Bronster ( 13157 ) <slashdot@brong.net> on Thursday July 01, 2004 @09:44AM (#9581316) Homepage
        just not well enough to sign off an enterprise solution on...

        I wouldn't sign off an enterprise solution on PHP full stop. Vile language.

        So says someone who did some work on Squirrelmail [squirrelmail.org] a little while back - man it sucks trying to support all the little incompatibilities and changing defaults and changing configurations everywhere. When you're undoing an automatic quote of variables depending on a guess from some other variables you know you've got "Visual Basic for da interweb" - except with a less stable API.

        That and the separate functions per DB type which caused all+dog to write their own copy of Perl's DBI in PHP before Pear came along.

        It might be an OK language for developping small stand-alone web apps, or a web app which runs on one infrastructure that you control and validate - but it's not a language for writing stuff you can install on any webhost and expect a complex app to keep working across versions.

        *grumble*

        • "...but it's not a language for writing stuff you can install on any webhost and expect a complex app to keep working across versions."

          well I have been doing just that with a quite large app (200 000+ lines of php code) and it has been working out just fine.

          odd, that.
          • well I have been doing just that with a quite large app (200 000+ lines of php code) and it has been working out just fine.

            How many installations? What sort of app? Do you ever install it on systems where you can't insist that PHP is configured a particular way?

            I agree that 200,000+ lines of code is big.

            I can hardly talk, since I'm working on a fairly large app written in Perl, and it has its fun and games across versions with poorly written 3rd party modules, but at least the core language has been p

            • how many?
              admittedly, the number of installations on different servers is not that big - about 15 different servers so far and most of them (about 10 I think) have apache/php configs that we can't control. the number of sites it runs is around 200

              what kind of app?
              everything :) starting from cms/project management/messageboard and ending with ERP and over-the-web visual database forms creation and systems integration. basically it's an application server, or something like it and a huge amount of modules for
              • Yep, and there's a fair bit of that in any language unfortunately. I guess if it's a big enough app the abstracting is really important.

                We suffer from not enough abstraction in some ways.
            • Depends what you think a line of code is.

              // is this a line of code
              if( $A == $b){ print("is this a line of code") }

              /* is this one line of code

              or two */

              if(!$A) {
              print("how many lines of code is this");
              }

              just a thought. I have used php for large projects, just nothing that I didn't control the install envoirment on, so I really cant comment on that. Although I bet my project had at least 20,000 lines of comments.
          • Yeah, thanks for carefully reading what I wrote. You'll notice that Yahoo is running its apps on basically one or at most a few carefully controlled environments - not trying to build something that installs in lots of different versions of PHP on lots of different architectures.

            Thanks for playing though.
        • I think there is a problem with definitions here. "Enterprise" doesn't mean the same thing as "deployed on hundreds of different systems world-wide".

          If I'm doing something for a large company (dozens of servers), there is going to be some form of configuration management involved to keep those servers consistent amongst themselves. Therefore, "all the little incompatibilities" aren't the factor they are in something like Squirrelmail or phpMyAdmin, where you can't control what Joe Sixpack has installed on

      • by quelrods ( 521005 ) * <`quel' `at' `quelrod.net'> on Thursday July 01, 2004 @03:57PM (#9585940) Homepage
        ya except apache 1.3 + php isn't really an enterprise solution to a large web application either. One of the reasons cited above for php not working w/ apache2.0 is a lack of thread safety. In php there isn't any. Also, you can thread sessions all reads and writes lock the session from any further reads or writes until the operation is completed.
        • Yep... you're right... no large [osnews.com] enterprise [sourceforge.net] systems would be run on PHP...

          Be careful what you imply... the PHP core IS thread-safe... the only unknown is the large number of external libraries which PHP uses... The issues are not seen in non-threaded implementations... Forked processes do not hit the thread-safety issues, so any library is safe there...

          I'm not sure what you mean by "Also, you can thread sessions all reads and writes lock the session from any further reads or writes until the operation is
  • by Anonymous Coward on Thursday July 01, 2004 @02:25AM (#9579171)

    For security I wouldn't use anything where the source is open.

    I recommend Microsoft(r) Internet Information Services for server software (compiled with GS switch, so it's double secure compared to other products) and Microsoft(r) Internet Explorer for client (my favorite site MSN.com looks great in it).
  • Hold yer horses... (Score:4, Interesting)

    by Anonymous Coward on Thursday July 01, 2004 @03:29AM (#9579434)
    Ok, so Apache2 has been around forever now. The big hoopla was the threading module instead of prefork. However, you can't really use the threading model with PHP or mod_perl due to 3rd party libs not being thread safe.

    So is there really any point in using apache2 at all?

    Beyond maybe a cache/proxy role?
  • by redwoodtree ( 136298 ) * on Thursday July 01, 2004 @01:52PM (#9584402)
    First of all, to the people who wonder what's so great about Apache 2.x you should take some time to understand that Apache 2 is a completely new way of thinking about the HTTP server paradigm. Apache 2.x is now no longer simply an HTTP server but a protocol server that can serve anything you can write, FTP, SMTP whatever. In fact Apache 2.x FTP server has been darn stable.

    Besides the threaded model and the above paradigm shift, there is also the great improvements in the build system, the API and IPv6 support. You can read all about it here: New Features 2.0 [apache.org]. Do yourself a favor and start learning Apache 2.x now, you will not regret it down the line.

    Finally, I believe that with the 2.0.50 release the contributors have solved some of the most serious bugs and have delivered one of the most stable releases of Apache to date. Of course time will tell if there are significant bugs, I wouldn't go upgrading your production environment tomorrow. But the folks there have worked really hard on the big bugs and I have to give them a big thank you.

    The full change list is here: Changes 2.0.50 [apache.org]. They have fixed a very serious stderr bug, several annoying ldap bugs, addressed various other security and performance issues and generally done a great job.

    Way to go folks. Thank you!!!
    • So what you're saying is that Apache 2.x is the emacs of web servers? ;)
      • by Anonymous Coward
        Apache2 is a great OS, now it just needs a good web server.
    • First of all, to the people who wonder what's so great about Apache 2.x you should take some time to understand that Apache 2 is a completely new way of thinking about the HTTP server paradigm. Apache 2.x is now no longer simply an HTTP server but a protocol server that can serve anything you can write, FTP, SMTP whatever. In fact Apache 2.x FTP server has been darn stable.

      IIS was already like this. You can host any number of protocols and services with it. In fact it already ships with FTP and SMTP s
      • That's true, but try doing some of the more complex proxing/redirecting/tunneling with IIS. I've managed farms of dozens of apache servers all serving a combined several thousand hits per second to application servers running tomcat. IIS was never able to keep up with that type of traffic. But if you prefer IIS , more power to you.
    • Which FTP server for Apache are you using?

      mod_ftpd works great as an FTP server for Apache [outoforder.cc]..
    • I haven't had problems with libtool and apache but I have had all kinds of problems with libtool when compiling other software like PHP. It works well perhaps when you're compiling something on a Linux box which has all the libraries in the LSB compliant places and such but try using it on say HP or Solaris system that has some libraries in non-standard locations.
  • Cue the FUD about PHP being broken under Apache2...

    *sigh*

/earth: file system full.

Working...