1.0.5 is the current stable public release. The beta test
version, 1.1b, is still at version 2, but 1.1b3 and a full
release should not be too far away now.
Directory indexing can fail when DocumentRoot has
trailing slash
If the DocumentRoot directive is given a directory with a
trailing slash, e.g. DocumentRoot /usr/local/etc/httpd/htdocs/,
various parts of the
directory indexing module do not operate correctly. A
work-around is to not put a trailing slash on the
DocumentRoot directory.
Problems with new Linux libc
There have been reports of some problems with the new
version of Linux libc, version 5.3.*. This has a new
implementation of malloc(), and the problem might be in the
new libraries, or perhaps an Apache problem that has gone
unnoticed until now. It looks most likely to be a libc
problem, since similar problems have not been reported on
other OSes. At the moment, it is probably better not to use
the current libc 5.3.12 with Apache.
Imagemap module can give incomplete URLs
There was a problem with the imagemap module returning
relative filenames in some circumstances. There is also a
problem when the map entry URL starts with .. and base
referer is in use, for some referred URLs. Fixes are being
tested.
A new version of mod_auth_anon is now available, and will
be part of the next release. This module allows anonymous
access to authenticated areas, rather like the 'anonymous'
user in ftp connections. When the user goes into an area
protected by this module, they enter a special username
(typically 'anonymous'), with their email address as
password. The module can be configured to work with other
authentication modules so that people can access protected
areas either with a valid username and password, or
anonymously. The documentation
is available now.
CGI stuff removed
Various programs and scripts from cgi-bin and cgi-src have
been removed from the Apache distribution. This is because
many of these are very old, not maintained by the Apache
group, and might contain bugs and security problems that
the Apache group do not want to be associated with. Also, a
couple of changes have been made to make fresh Apache
installations more secure: scripts that are left in cgi-bin
are distributed without execute permission, and srm.conf
now has the ScriptAlias command commented out, so that by
default there is no cgi-bin directory anyway. The old
cgi-bin and cgi-src files will be available in a
cgi-pack archive.
Implementing Host header
The new HTTP/1.1 specification makes browsers send a
Host: header containing the hostname of the
resource being requested. This can be used by the server to
identify the resource to be returned, as a way of
implementing virtual hosts on a single IP address. The
issue with supporting this is how to give a useful response
to requests from old browsers that do not send a Host:
header. While this connect be done totally transparently,
there will probably be some extra directives to aid setting
up a site that supports both old and new browsers.