In this issue

Apache Site: www.apache.org
Release: 1.3.9 (Released 20^th August 1999) (local download sites)
Beta: None

Apache 1.3.9 is the current stable release. Users of Apache 1.3.6 and earlier on Unix systems should upgrade to this version. Users of Apache on Windows can now upgrade to Apache 1.3.9 avoiding the previous problems with Apache 1.3.6. Read the Guide to 1.3.9 for information about changes between 1.3.6 and 1.3.9.

Most bugs listed below include a link to the entry in the Apache bug database where the problem is being tracked. These entries are called "PR"s (Problem Reports). Some bugs do not correspond to problem reports if they are found by developers.

A large number of patches have been made to the 1.3.9 code over the last couple of weeks in preparation for a 1.3.10 release within the next month.

• A security problem can occur for sites using mass name-based virtual hosting (using the new mod_vhost_alias module or with special mod_rewrite rules). Sites making use of this functionality should upgrade to Apache 1.3.10 as soon as possible.
• The UseCanonicalName directive did not work in <Directory> containers.

The next release of Apache will be version 1.3.10. A schedule has been put in place to aim for a public release around the 14th of January 2000. This date is subject to change if problems are found during the code freeze next week. Apache 1.3.10 fixes a number of minor bugs present in Apache 1.3.9 and also adds a few minor features.

Patches for bugs in Apache 1.3.9 will be made available in the apply_to_1.3.9 subdirectory of the patches directory on the Apache site. Some new features and other unofficial patches are available in the 1.3 patches directory. For details of all previously reported bugs, see the Apache bug database and known bugs pages. Many common configuration questions are answered in the Apache FAQ.

A number of small feature additions have been made which will appear in Apache 1.3.10 when it is released.

• Obtaining a list of compiled-in modules using the -l flag will now include the status of suexec even though suexec isn't a real module.
• A file layout for the BSDI distribution of Apache has been added. PR#5154
• The directory indexing module, mod_autoindex has been updated so that the automatic header and readme files can be server parsed and correctly use the standard include variables.

The Apache group have been working on Apache 2.0 for over a year. In September we published a Apache 2.0 preview and stated that a beta version should be available in late 1999 or early 2000. It is now likely that a public beta release will be made available within the next few months, although it will still be some time before 2.0 is a full stable relase. Previous experience has shown it can take nearly a year after a release before a large proportion of sites upgrade.

This situation causes a dilema for programmers working on Apache. New features should only be added into Apache 2.0; but with such a long lead time this has caused frustration. Some minor feature additions have been added to Apache 1.3 but there are a number of larger patches that have not yet been accepted. In particular patches for 1.3 exist to support IPv6, a mechanism to allow modules to hook into Apache called EAPI, and performance patches from SGI. It is not currently known if any of these will be included in a future release of 1.3, or if they will have to wait until 2.0.

EAPI is one solution for modules that need to take more control of Apache than the current Apache API allows. EAPI allows modules to hook into Apache with a loose coupling so DSO support is unaffected. Many modules can make use of such a mechanism. The first was the third-party SSL module, mod_ssl, which uses EAPI to integrate into Apache cleanly. With so many sites already patching in EAPI to their 1.3 servers it would be sensible to include EAPI in a future 1.3 release, but this would make it incompatible with Apache 2.0 which already contains a different hook mechanism.

In issue 166 (July 1999) we reported that patches designed to improve the performance of Apache when measured by the SPECweb96 benchmark had been submitted. These patches are optimised for the SGI Irix platform where they gave up to a ten-fold increase in speed. It has been decided that these patches will not be included in Apache 1.3 but they may be included in Apache 2.0. Users of Apache 1.3 who are interested in trying out the improvements can download the patches direct from SGI.

The second official Apache conference, ApacheCon 2000, takes place March 8th-10th 2000 in Orlando, Florida. Apache Week is a sponsor of ApacheCon 2000 and will keep you updated on conference news between now and March.

You can now register on-line for ApacheCon 2000 using a credit card and a secure web browser. By registering for the conference early, ApacheCon are offering a discount of US$225 off the full conference price.

Keynote speakers have been selected for ApacheCon this week and include: Brian Behlendorf, president of the Apache Software Foundation, George Paolini, from Sun Microsystems, and Alfred Z. Spector, Senior Technical Strategist from IBM. More details of their talks are available online.

Each month we report on the new figures from the Netcraft and E-Soft surveys of public web sites. The December 1999 surveys show little change in the market share, with Netcraft finding Apache-based servers at 59% of the market and E-Soft reporting 55%. There is also little change in the secure server space, with E-Soft finding Apache-based servers accounting for over 66% of the market.

The E-Soft survey also contains a look at the most popular Apache modules currently in use, finding that PHP is now installed on nearly a quarter of all Apache servers, with Perl on just over 6%. They also find that only two-thirds of Apache sites are running a 1.3 release.