In this issue

A new beta test release of Apache is expected soon. This will be version 1.3b7, and is the latest in a series of beta releases eventually leading to the release of Apache 1.3.0. This beta consists mainly of bug fixes over the previous beta. Users of 1.3b6 should upgrade to the new beta when it comes out.

Amongst the few new features in 1.3b7 are:

• New directive ServerTokens to control how Apache names itself to browsers
• Apache will not open configuration files which are devices, except for /dev/null, to fix a potential denial of service problem (Unix only)
• When a child process exits, the parent will log the reason and if necessary kill other children and exit to prevent looping (Unix only)
• Work with UNC type paths (Windows only)

In addition many bugs are fixed. The full list is available in the src/CHANGES file in the distribution

Apache Site: www.apache.org
Release: 1.2.6 (Released 24^th March 1998) (local download sites)
Beta: 1.3b6 (Released 20^th April 1998) (local download sites)

Apache 1.2.6 is the current stable release. Users of Apache 1.2.5 and earlier should upgrade to this version since it fixes a number of bugs and potential security problems.

These bugs have been found in 1.3b6 and will be fixed in the next beta (1.3b7).

Because of the major differences between Windows and Unix, these are separated into bugs which affect Windows systems only, and other bugs (which may affect Windows as well). Unix users can ignore the bugs listed in the Windows section.

Windows-specific Bugs

• The bug which can cause Apache to lock up when on multiple concurrent CGI accesses should have been fixed. This was really a bug in Microsoft's MSVC++ compiler (in the C runtime). Apache will work around the bug by avoiding use of the C runtime when launching CGI programs, so it now uses native Win32 functions to run CGIs. PR#1129, PR#1607.
• Default filenames for error and access logs were error_log and access_log, but Windows likes to see file extensions. From the next beta the default configuration files will use error.log and access.log instead.

Other Bugs

• Selecting the "Last Modified" link in a fancy directory index could cause a crash.
• dbmmanage could not handle entry of passwords containing the "0" (zero) character.
• Accessing some types of FTP servers via the proxy can cause problems. This is partially fixed. PR#959, PR#1123.
• The standard configuration files were not linking the /icons URL to the icons directory, required for proper display of fancy directory indexes.
• OS/2 only: CGI scripts starting with #! and using CR-LF line endings would fail.

Patches for bugs in Apache 1.2.6 may be made available in the apply_to_1.2.6 subdirectory of the patches directory on the Apache site (this directory may not exist if no patches are available). Some new features and other unofficial patches are available in the 1.2 patches directory (these may not apply cleanly to 1.2.6). For details of all previously reported bugs, see the Apache bug database and known bugs pages. Many common configuration questions are answered in the Apache FAQ.

Development has slowed down to prepare for the release of Apache 1.3. During the beta release cycle Apache is in a "feature freeze" where no major new features will be added.