Apache httpd 2.0.48 was released on 29th October 2003 and is
now the latest version of the httpd 2.0 server. The previous
release was 2.0.47, released on the 10th July 2003.
See
what was new in Apache httpd 2.0.47.
Apache httpd 2.0.48 is
available for download.
This is a security, bug fix and minor upgrade release.
Due to security issues, any sites using versions of 2.0 prior to
Apache httpd 2.0.48 should upgrade to Apache httpd 2.0.48.
Read more
about the other security issues that affect 2.0.
The following bugs were found in httpd 2.0.47 and have been
fixed in httpd 2.0.48:
-
mod_include: fix possible segfault when
processing error conditions (BZ#23836); fix three
bugs which could cause output corruption with some input
documents (BZ#21095)
-
mod_rewrite: fix log corruption on
platforms using flock locking (e.g. FreeBSD); fix support for
[P] rewrites (BZ#13946)
-
mod_ssl: fix support for
CLIENT_CERT_CHAIN variables (BZ#21371),
fix possible segfault after renegotiation failure (BZ#21370), fix FakeBasicAuth when
processing subrequests
-
mod_deflate: fix cases where compressed
content could be sent to a client which did not request it
(BZ#21523); fix compression of empty responses; fix
unnecessary buffering of compressed responses
- Fix handling of <Foo>...</Foo> containers in
configuration files (covered
previously)
- Fix infinite recursion if an Include directive is used for
a directory containing a file with a name which contained
wildcard characters (BZ#22194)
-
mod_cgid: fix bug where a script could be
terminated prematurely after a different request ends
-
mod_cache: fix handling of max-age,
smax-age and expires tokens to comply with RFC 2616; fix to
allow caching response with an Expires header but
no Etag or Last-Modified (BZ#23130)
-
mod_usertrack: fix false positives in
matching cookies used for user tracking (BZ#16661)
Apache httpd 1.3.29 was released on 29th October 2003 and
is now the latest version of the Apache httpd 1.3 server. The previous
release was 1.3.28, released on the 18th July
2002. See
what was new in Apache httpd 1.3.28.
Apache httpd 1.3.29
is available for download
This is a security, bug fix and minor upgrade release. Due
to security issues, any sites using versions of Apache httpd 1.3
prior to Apache httpd
1.3.29 should upgrade to Apache httpd 1.3.29.
Read more about the other security
issues that affect Apache httpd 1.3.
The following bugs have been fixed in 1.3.29:
- fix a bug introduced in 1.3.28 where zombie processes
could be left when using CGI scripts with suexec
- fix a bug introduced in 1.3.28 where some file descriptors
would be closed twice; this could cause problems particularly
for third-party modules which keep database sockets open
across several requests.
- fix a connection handling problem when a redirect is sent
as an error document response.
-
mod_proxy: fix support for reverse
proxying an FTP site
-
mod_usertrack: fix false positives in
matching cookies used for user tracking (BZ#16661)