Download Apache 2.0.48
In addition to Apache 1.3.29, a new version of the 2.0 branch has also been released. This release also fixes a bug that can cause a buffer overflow in mod_alias and mod_rewrite. In addition, some cosmetic bugs have been ironed out. The following changes apply to 2.0.48:
Apache 2.0.48 Major changes
- Security vulnerabilities closed since Apache 2.0.47
- SECURITY [CAN-2003-0789]: mod_cgid: Resolve some mishandling of the AF_UNIX socket used to communicate with the cgid daemon and the CGI script. [Jeff Trawick]
- SECURITY [CAN-2003-0542]: Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures. [André Malo]
- mod_include: fix segfault which occurred if the filename was not set, for example, when processing some error conditions. PR 23836. [Brian Akins, André Malo]
- fix the config parser to support <Foo>..</Foo> containers (no arguments in the opening tag) supported by httpd 1.3. Without this change mod_perl 2.0’s <Perl> sections are broken. [“Philippe M. Chiasson”]
- mod_cgid: fix a hash table corruption problem which could result in the wrong script being cleaned up at the end of a request. [Jeff Trawick]
- Update httpd-*.conf to be clearer in describing the connection between AddType and AddEncoding for defining the meaning of compressed file extensions. [Roy Fielding]
- mod_rewrite: Don’t die silently when failing to open RewriteLogs. PR 23416. [André Malo]
- mod_rewrite: Fix mod_rewrite’s support of the [P] option to send rewritten request using “proxy:”. The code was adding multiple “proxy:” fields in the rewritten URI. PR: 13946. [Eider Oliveira]
- cache_util: Fix ap_check_cache_freshness to check max_age, smax_age, and expires as directed in RFC 2616. [Thomas Castelle]
- Ensure that ssl-std.conf is generated at configure time, and switch to using the expanded config variables to work the same as httpd-std.conf PR: 19611 [Thom May]
- mod_ssl: Fix segfaults after renegotiation failure. PR 21370 [Hartmut Keil]
- mod_autoindex: If a directory contains a file listed in the DirectoryIndex directive, the folder icon is no longer replaced by the icon of that file. PR 9587. [David Shane Holden]
- Fixed mod_usertrack to not get false positive matches on the user-tracking cookie’s name. PR 16661. [Manni Wood]
- mod_cache: Fix the cache code so that responses can be cached if they have an Expires header but no Etag or Last-Modified headers. PR 23130. [bjorn@exoweb.net]
- mod_log_config: Fix %b log format to write really “-” when 0 bytes were sent (eg with 304 or 204 response codes). [Astrid Keßler]
- Modify ap_get_client_block() to note if it has seen EOS. [Justin Erenkrantz]
- Fix a bug, where mod_deflate sometimes unconditionally compressed the content if the Accept-Encoding header contained only other tokens than “gzip” (such as “deflate”). PR 21523. [Joe Orton, André Malo]
- Avoid an infinite recursion, which occurred if the name of an included config file or directory contained a wildcard character. PR 22194. [André Malo]
- mod_ssl: Fix a problem setting variables that represent the client certificate chain. PR 21371 [Jeff Trawick]
- Unix: Handle permissions settings for flock-based mutexes in unixd_set_global|proc_mutex_perms(). Allow the functions to be called for any type of mutex. PR 20312 [Jeff Trawick]
- ab: Work over non-loopback on Unix again. PR 21495. [Jeff Trawick]
- Fix a misleading message from some of the threaded MPMs when MaxClients has to be lowered due to the setting of ServerLimit. [Jeff Trawick]
- Lower the severity of the “listener thread didn’t exit” message to debug, as it is of interest only to developers. PR 9011 [Jeff Trawick]
- MPMs: The bucket brigades subsystem now honors the MaxMemFree setting. [Cliff Woolley, Jean-Jacques Clar]
- Install config.nice into the build/ directory to make minor version upgrades easier. [Joshua Slive]
- Fix mod_deflate so that it does not call deflate() without checking first whether it has something to deflate. (Currently this causes deflate to generate a fatal error according to the zlib spec.) PR 22259. [Stas Bekman]
- mod_ssl: Fix FakeBasicAuth for subrequest. Log an error when an identity spoof is encountered. [Sander Striker]
- mod_rewrite: Ignore RewriteRules in .htaccess files if the directory containing the .htaccess file is requested without a trailing slash. PR 20195. [André Malo]
- ab: Overlong credentials given via command line no longer clobber the buffer. [André Malo]
- mod_deflate: Don’t attempt to hold all of the response until we’re done. [Justin Erenkrantz]
- Assure that we block properly when reading input bodies with SSL. P.R. 19242. [David Deaves, William Rowe]
- Update mime.types to include latest IANA and W3C types. [Roy Fielding]
- mod_ext_filter: Set additional environment variables for use by the external filter. PR 20944. [Andrew Ho, Jeff Trawick]
- Fix buildconf errors when libtool version changes. [Jeff Trawick]
- Remember an authenticated user during internal redirects if the redirection target is not access protected and pass it to scripts using the REDIRECT_REMOTE_USER environment variable. PR 10678, 11602. [André Malo]
- mod_include: Fix a trio of bugs that would cause various unusual sequences of parsed bytes to omit portions of the output stream. PR 21095. [Ron Park, André Malo, Cliff Woolley]
- Update the header token parsing code to allow LWS between the token word and the ‘:’ separator. [PR 16520] [Kris Verbeeck, Nicel KM]
- Eliminate creation of a temporary table in ap_get_mime_headers_core() [Joe Schaefer]
- Added FreeBSD directory layout. PR 21100. [Sander Holthaus, André Malo]
- Fix NULL-pointer issue in ab when parsing an incomplete or non-HTTP response. PR 21085. [Glenn Nielsen, André Malo]
- mod_rewrite: Perform child initialization on the rewrite log lock. This fixes a log corruption issue when flock-based serialization is used (eg, FreeBSD). [Jeff Trawick]
- Don’t respect the Server header field as set by modules and CGIs. As with 1.3, for proxy requests any such field is from the origin server; otherwise it will have our server info as controlled by the ServerTokens directive. [Jeff Trawick]
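For servers that cannot be upgraded right away, the condition named in the CAN-2003-0542 entry above (a configured regular expression with more than 9 captures) can be checked for in existing configuration files. The script below is an added example, not code from the Apache project: the directive table and the sample configuration are constructed for illustration, and Python's `re` is used as an approximation of the regex syntax httpd accepts.

```python
import re

MAX_CAPTURES = 9  # threshold named in the CAN-2003-0542 changelog entry
# Directive -> index of its regex among the arguments (table built for this example).
REGEX_ARG = {"rewriterule": 0, "rewritecond": 1, "aliasmatch": 0,
             "scriptaliasmatch": 0, "redirectmatch": 0}
REDIRECT_STATUS = {"permanent", "temp", "seeother", "gone"}
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\S+')  # quoted argument or bare word

def count_captures(pattern):
    """Return the number of capturing groups in an Apache regex argument."""
    if pattern.startswith("!"):        # mod_rewrite negation prefix, not regex syntax
        pattern = pattern[1:]
    try:
        return re.compile(pattern).groups
    except re.error:
        # Python rejected the syntax: count unescaped '(' that do not open '(?...)'
        return len(re.findall(r"(?<!\\)\((?!\?)", pattern))

def audit(config_text):
    """Return (line number, directive, capture count) for each pattern over the limit."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        tokens = [t[1:-1] if len(t) > 1 and t[0] == t[-1] == '"' else t
                  for t in TOKEN.findall(raw)]
        if not tokens or tokens[0].lower() not in REGEX_ARG:
            continue                   # blank line, comment, or unrelated directive
        name, args = tokens[0].lower(), tokens[1:]
        idx = REGEX_ARG[name]
        # RedirectMatch accepts an optional status keyword or code before the regex
        if name == "redirectmatch" and args and (
                args[0].lower() in REDIRECT_STATUS or args[0].isdigit()):
            idx = 1
        if idx < len(args) and count_captures(args[idx]) > MAX_CAPTURES:
            findings.append((lineno, tokens[0], count_captures(args[idx])))
    return findings

SAMPLE = r'''# constructed sample, not taken from a real server
RewriteEngine On
RewriteRule ^/(a)/(b)/(c)/(d)/(e)/(f)/(g)/(h)/(i)/(j)$ /x?$1 [L]
RewriteRule ^/old/(.*)$ /new/$1 [R]
RewriteCond %{HTTP_HOST} "^(www\.)?example\.org$"
AliasMatch ^/(1)(2)(3)(4)(5)(6)(7)(8)(9)(10)(11) /srv/www
RedirectMatch permanent ^/\(literal\)/(.+)$ http://example.org/$1
'''

if __name__ == "__main__":
    for lineno, directive, n in audit(SAMPLE):
        print(f"line {lineno}: {directive} pattern has {n} capture groups")
```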
Bugs fixed and features added since Apache 2.0.47
The update is available for the following OSs:
MacOS X Darwin
MacOS X
Novell Netware
Windows 9x/Me/2k/XP
Linux x86
Version number | 2.0.48 |
Operating systems | Windows 9x, Windows NT, Windows 2000, Windows XP, Linux x86, macOS |
Website | Apache.org |
Download | |
File size | 8.99MB |
License type | GPL |