In this issue

A patch was submitted last week which may be of interest to server administrators looking to deploy Digest-based authentication. As covered last year, there is a bug in the Digest authentication code in Microsoft Internet Explorer, causing requests which use a query string to fail if under Digest protection. Paul Querna, developer of the mod_authn_dbi module, has developed a BrowserMatch-based workaround for this issue; relaxing the check to allow MSIE to authenticate correctly without compromising security for other browsers.

Some patches have been committed recently to improve mod_dav's performance and memory use when generating PROPFIND responses. The code has been changed to stream the responses straight to the client rather than batching them up in memory.

Also this week, Jim Jagielski proposed to begin the 1.3.28 release process, and there was a hint that 2.0.47 might not be so far off.

The Apache Software Foundation held an annual members meeting this week. The meeting was the first to take place virtually, being held via IRC, and prompted a healthy turn out with well over half of the 89 ASF members attending. A secret ballot was held to elect the new board of directors of the ASF as well as to elect a number of new ASF members. There were twelve nominations for directors, with nine positions available, and for the first time the single transferable vote mechanism was used to give a much fairer vote.

All the previous directors were re-elected apart from Bill Stoddard who was replaced by Mark Cox. The new board comprises of Brian Behlendorf, Ken Coar, Mark Cox, Roy T. Fielding, Dirk-Willem van Gulik, Jim Jagielski, Ben Laurie, Sam Ruby, and Greg Stein.

In this section we highlight some of the articles on the web that are of interest to Apache users.

Linux vendor Red Hat posted a short article about backporting of security patches. It explains why vendors don't always upgrade their distributions to the latest software releases using Apache as an example

In this tutorial entitled "Staying Out of Deep Water: Performance Testing Using HTTPD-Test's Flood", Martin Brown shows us how to install, configure, and test Flood - a profile-driven HTTP load tester. He provides three sets of different settings for Flood to simulate the effect of requests for news-style, shopping, and "Slashdotted" Web sites.

Two opposing book reviews on "Web Hacking: Attacks and Defense" can be found at Help Net Security and Linux Gazette. A sample of chapter 10 is available to be downloaded in pdf format. You may also be interested to read a review on "Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID".

If you do not know James, "Working with James, Part 1" and "Part 2" will get you on intimate terms with the Java Apache Mail Enterprise Server in no time at all. The former introduces you to James while the latter talks about building e-mail based applications with matchers and mailets.