Download Apache 2.0.53

Spread the love

The Apache HTTP Server Project development team recently released a new version of their Apache HTTP Server. The version number has now arrived at 2.0.53 and has two sealed security vulnerabilities and a mountain of bug fixes. The supplied changelog therefore looks like this:

Changes with Apache 2.0.53:

  • SECURITY: CAN-2004-0942
    Fix for memory consumption DoS in handling of MIME folded request headers.
  • SECURITY: CAN-2004-0885
    mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be bypassed during an SSL renegotiation. PR 31505.
  • Fix –with-apr=/usr and/or –with-apr-util=/usr. PR 29740.
  • mod_proxy: Fix ProxyRemoteMatch directive. PR 33170.
  • mod_proxy: Respect errors reported by pre_connection hooks.
  • –with-module can now take more than one module to be statically linked: –with-module=:,:,… If the -subdirectory doesn’t exist it will be created and populated with a standard Makefile.in . [Erik Abele]
  • Fix the RPM spec file so that an RPM build now works. An RPM build now requires system installations of APR and APR-util. Remove some arbitrary moving around of binaries – the RPM now maps to the ASF build of httpd.
  • mod_dumpio, an I/O logging/dumping module, added to the modules/experimental subdirectory.
  • mod_auth_ldap: Handle the inconsistent way in which the MS LDAP library handles special characters. PR 24437.
  • Win32 MPM: Correct typo in debugging output.
  • conf: Remove AddDefaultCharset from the default configuration because setting a site-wide default does more harm than good. PR 23421.
  • Add charset to example CGI scripts.
  • mod_ssl: fail quickly if SSL connection is aborted rather than making many doomed ap_pass_brigade calls. PR 32699.
  • Remove compiled-in upper limit on LimitRequestFieldSize.
  • Start keeping track of time-taken-to-process-request again for mod_status if ExtendedStatus is enabled.
  • mod_proxy: Handle client-aborted connections correctly. PR 32443.
  • Fix handling of files >2Gb on all platforms (or builds) where apr_off_t is larger than apr_size_t. PR 28898.
  • mod_include: Fix bug which could truncate variable expansions of N*64 characters by one byte. PR 32985.
  • Correct handling of certain bucket types in ap_save_brigade, fixing possible segfaults in mod_cgi with #include virtual. PR 31247.
  • Allow for the use of –with-module=foo:bar where the ./modules/foo directory is local only. Assumes, of course, that the required files are in ./modules/foo, but makes it easier to statically build/log “external” modules.
  • Util_ldap: Implemented the util_ldap_cache_getuserdn() API so that ldap authorization only modules have access to the util_ldap user cache without having to require ldap authentication as well. P.R. 31898.
  • mod_auth_ldap: Added the directive “Requires ldap-attribute” that allows the module to only authorize a user if the attribute value specified matches the value of the user object. PR 31913
  • mod_ssl: Fail at startup rather than segfault at runtime if a client cert is configured with an encrypted private key. PR 24030.
  • apxs: fix handling of -Wc/-Wl and “-o mod_foo.so”. PR 31448
  • mod_ldap: Fix format strings to use %APR_PID_T_FMT instead of %d.
  • mod_cache: CacheDisable will only disable the URLs it was meant to disable, not all caching. PR 31128.
  • mod_cache: Try to correctly follow RFC 2616 13.3 on validating stale cache responses.
  • mod_rewrite: Handle per-location rules when r->filename is unset. Previously this would segfault or simply not match as expected, depending on the platform.
  • mod_rewrite: Fix 0 bytes write into random memory position. PR 31036.
  • mod_disk_cache: Do not store aborted content. PR 21492.
  • mod_disk_cache: Correctly store cached content type. PR 30278.
  • mod_ldap: prevent the possibility of an infinite loop in the LDAP statistics display. PR 29216.
  • mod_ldap: fix a bogus error message to tell the user which file is causing a potential problem with the LDAP shared memory cache. PR 31431
  • mod_disk_cache: Do not store hop-by-hop headers.
  • Fix the re-linking issue when purging elements from the LDAP cache. PR 24801.
  • mod_disk_cache: Fix races in saving responses.
  • Fix Expires handling in mod_cache.
  • Alter mod_expires to run at a different filter priority to allow proper Expires storage by mod_cache.

[break]At the moment only the source is available, the binaries for, among others, the Windows platform are still under development.

Version number 2.0.53
Operating systems Windows 9x, Windows NT, Windows 2000, Linux, BSD, Windows XP, macOS, Solaris, UNIX, Windows Server 2003
Website Apache Software Foundation
Download
file size

6.63MB

License type Conditions (GNU/BSD/etc.)
You might also like