In this issue

Apache 2.0.42 was released on 24^th September 2002 and is now the latest version of the Apache server. This is the fifth stable release of Apache 2.0, following up on 2.0.40 which was released on 9^th August 2002. Read our special feature for more information about the history of Apache 2.0.

Apache 2.0.42 is available in source form for compiling on Unix or Windows, for download from the main Apache site or from any mirror download site.

This is mainly a bug-fix release with a few new features. Users should upgrade if they will be affected by the particular bugs mentioned below or would like to use any of the new features.

The security fixes in this release are:

• Fix a segfault in mod_dav if a particular OPTIONS request is received for a DAV-enabled location, where a DAV repository is configured which does not support versioning (such as that provided by mod_dav_fs).

Users of thread-based MPMs on Unix platforms such as worker should be aware that a segfault in a single worker thread will terminate all other worker threads within that process; segfaults which can be triggered remotely allow a Denial of Service attack in such configurations.

The new features in this release are:

• A new directive, AddOutputFilterByType, was added to make it possible to add multiple filters per directive.
• Include directives may now have wildcards in the final part of the path.
• Fixes for mod_cache to ensure that cache file names are chosen which are unique for all virtual hosts and query arguments.
• A new directive, ModMimeUsePathInfo, can be used to make mod_mime consider the path info component of URIs.
• mod_cache now has support for caching streamed responses such as proxy or CGI responses. A new directive, CacheMaxStreamingBuffer, was added to tune this behaviour.
• The experimental leader/followers MPM was restored to working condition and its thread synchronization method was changed.
• Add BufferedLogs directive to enable or disable buffered server logs at run-time. Add support for third party modules to handle writes to log files.
• The ServerTokens has a new maj option to only show the major version.
• The performance of keepalive requests was improved.

The bugs fixed in this release include:

• Segmentation faults were fixed in mod_cache and mod_env.
• Memory leaks were plugged in the server core and in the chunking code.
• Parsing of the protocol version (e.g. HTTP/1.1) in the request line is now case insensitive.
• mod_disk_cache's generation of 304s was fixed. The module as a whole is much improved, although it must still be considered experimental.
• mod_cache now does not cache responses to GET requests with URLs containing a query segment unless the origin server explicitly provides an Expires header on the response.
• The operation of FileETags none was fixed. BZ#12207
• mod_rewrite was changed to use apr-util's database support for database rewrite maps. The database type (e.g. ndbm, gdbm) can now be specified in the RewriteMap directive. BZ#10644
• mod_rewrite's prg: support was fixed so that request/response pairs no longer get out of sync with each other. BZ#9534
• Various tweaks were made to mod_rewrite's cookie support: they may now be set on errors, the correct expiry date is used, logging was improved, and the path can now be set. BZ#12132, BZ#12181, BZ#12172
• mod_ext_filter's handling of quoted and escaped command args was fixed. BZ#11793
• mod_proxy now handles proxied responses with no status line.
• The message printed when a module is rejected due to incompatibility now prints the actual version number of the failed module and the server. BZ#11213
• mod_proxy_ftp was made thread-safe.
• Fix logic to prevent non-HTML files from being compressed by mod_deflate.
• The content-length filter no longer tries to buffer up the entire output of a long-running request before sending anything to the client.
• The unused CacheOn directive was removed.

The following platform-specific changes have been made:

• The default stack size was decreased on Win32 to allow around 8000 threads to be started per child process.
• The ThreadLimit directive was added to the Windows MPM.
• A bug was fixed whereby environment or command line arguments containing non-ASCII-7 characters would cause the child process creation to fail on Win32. BZ#11854

Following the 2.0.42 release this week, a 1.3.27 release is due soon. No major changes have been made since the last 1.3 release; some protocol checks have been relaxed, several platform-specific fixes are included notably adding support for Caldera OpenUNIX 8, and a few minor bugs have been fixed.

There was some discussion on the development list concerning the potential advantages of a 2.0 filter module which strips unnecessary whitespace and comments from HTML content being served. Several developers felt this was of limited benefit; the mod_gzip module being a better way of saving bandwidth. Jeff Trawick noted that the mod_ext_filter module could already be used to do this by filtering content through an external program such as HTML Tidy, however this would add a lot of overhead to the server.

In this section we highlight some of the articles on the web that are of interest to Apache users.

Sys Admin magazine presents "Using Oracle with Apache and PHP on Linux" which shows you how to access an Oracle database via PHP running on an Apache web server. The versions of softwares used in the examples are Red Hat 7.3, Apache 1.3.23, PHP 4.1.2, and Oracle 9i (9.0.1.0.0.).

The Developer Shed continues with the fourth installment of the series on Web applications entitled "The Art Of Software Development". "Delivering Quality" fills the gap between the completion of coding and the delivery of the software to the customer. The list of tasks to be completed includes developing suitable test cases for unit, system, and acceptance testing, preparing a detailed test plan, testing and debugging the software, and preparing the documentation such as the user manual, developer's guide, and API specifications.

"Moodss - Modular Administration" talks about the Modular Object Oriented Dynamic SpreadSheet (Moodss) which is a freely downloadable graphical monitoring application. Currently there are 34 modules available which can be loaded to monitor any sort of data, from monitoring network activity to monitoring an Apache web server with a MySQL database as the data provider for the dynamic pages.

We received just under 400 entries to our recent competition, although 6 of those were spam and two people thought that the M in XML stood for Microsoft. The right answer was of course "Markup", so congratulations to the two lucky winners chosen at random; Tom Caldwell and Francis Lee - your books will be in the post.

Read the Apache Week review of Professional PHP4 XML and look out for more book competitions and reviews coming soon.