In this issue

Release: 1.1.1
Beta: None

• Report of core dumps in includes module on some error conditions

• dbmmanage (in the support directory) did not use a random salt when creating a password
• Directory module could core dump when indexing empty directory

Apache is being prepared for a public beta release. While there is currently no date set for the release, the development work has slowed down to allow the internal testing of a stable version.

The following items are under development and may be included in the next release of Apache. See our Apache 1.2 Sneak Preview for other new features in the next release.

There have been some changes to the module API in the upcoming release. Some of these may need changes in existing modules, and are necessary to support the new HTTP/1.1 protocol. However most of the changes are enhancements that should not affect existing modules, provided that they are recompiled.

One such change is that directives can now take optional arguments, and can 'decline' to handle commands. This allows more than one module to handle a particular directive, only taking action if it wants to, based on a argument. For example the AuthUserFile directive in the NCSA server takes a second argument giving a file type (either dbm or standard). These two formats are handled by different modules in Apache, so in previous releases each module has had to use its own directive (the DBM module added a directive AuthDBMUserFile). In the next release, the DBM module will use the same command. It will look at the file type argument, and if it is not "dbm" it will decline to handle the directive.

An effort is being made to separate the modules from the 'core' Apache code. Starting with the (new) proxy module, modules will be distributed in a 'modules' subdirectory of 'src'. This will leave the core Apache code (the http_*.c files, and other support code) in the src directory.

As reported in Apache Week 34, there is a bug in the old phf cgi-bin program which is currently being exploited. The next release will come with sample cgi-bin code to log requests for this file, which could be used to track down the culprits.

The new version of the Hypertext Transfer Protocol, HTTP/1.1, has become a Proposed Standard, and will shortly be issued as an RFC. Digest Authentication will form part of the HTTP/1.1 specification (either as a part of the HTTP/1 RFC, or a separate but linked RFC).

The new standards will be placed on the "standards track" which means they are intended to become an official Internet standard in the future. The first stage of the standards track is "Proposed Standard", which means that the standard has been through a detailed design period, but is not necessarily implemented. To move to a status of "Draft Standard" requires two independant and interoperable implementations. The final stage is "Internet Standard", which follows the Draft Standard stage when there has been significant operational experience, and will provide a significant benefit to the Internet.