Software Update: Apache 2.2.13

The Apache HTTP Server Project development team has released a new version of the Apache web server. This server, which is used on many platforms, can be provided with all kinds of extra functions with the help of modules. The new version bears the serial number 2.2.13 and bears the following announcement and list of changes:

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.2.13 of the Apache HTTP Server (“Apache”). This version of Apache is principally a security and bug fix release. Notably, this version bundles the APR Library version 1.3.8 and APR Utility Library version 1.3.9, which address a security concern which may be triggered by some third party modules. We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade.

Changes with Apache 2.2.13:

  • SECURITY: CVE-2009-2412 (cve.mitre.org) Distributed with APR 1.3.8 and APR-util 1.3.9 to fix potential overflow in pools and rmm, where size alignment was taking place.
  • mod_ssl, ab: improve compatibility with OpenSSL 1.0.0 betas. Report warnings compiling mod_ssl against OpenSSL to the httpd developers.
  • mod_cgid: Do not add an empty argument when calling the CGI script. PR 46380
  • Fix potential segfaults with use of the legacy ap_rputs() etc interfaces, in cases where an output filter fails. PR 36780.

Version number 2.2.13
Release status Final
Operating systems Windows 7, Windows 9x, Windows 2000, Linux, BSD, Windows XP, macOS, OS/2, Solaris, UNIX, Windows Server 2003, Windows Vista, Windows Server 2008
Website Apache Software Foundation
Download http://httpd.apache.org/download.cgi
License type Freeware