In this issue

Apache Site: www.apache.org
Release: 1.3.9 (Released 20^th August 1999) (local download sites)
Beta: None

Apache 1.3.9 is the current stable release. Users of Apache 1.3.6 and earlier on Unix systems should upgrade to this version. Users of Apache on Windows can now upgrade to Apache 1.3.9 avoiding the previous problems with Apache 1.3.6. Read the Guide to 1.3.9 for information about changes between 1.3.6 and 1.3.9.

Most bugs listed below include a link to the entry in the Apache bug database where the problem is being tracked. These entries are called "PR"s (Problem Reports). Some bugs do not correspond to problem reports if they are found by developers.

These bugs have been found in 1.3.9 and will be fixed in the next release. Because of the major differences between Windows and Unix, these are separated into bugs which affect Windows systems only, and other bugs (which may affect Windows as well). Unix users can ignore the bugs listed in the Windows section.

Windows-specific Bugs

• The new digest authentication module, mod_auth_digest, does not work with Windows. This bug has not yet been completely fixed, but work is progressing to allow the module to be used.
• CGI scripts are broken if the script calls other programs that output to stdout
• 16 bit CGI scripts would not work

Other Bugs

• The ap_base64decode_binary routine has a potential buffer overflow problem. This was affecting nonce checking in the new digest authentication module. PR#4957

Patches for bugs in Apache 1.3.9 will be made available in the apply_to_1.3.9 subdirectory of the patches directory on the Apache site. Some new features and other unofficial patches are available in the 1.3 patches directory. For details of all previously reported bugs, see the Apache bug database and known bugs pages. Many common configuration questions are answered in the Apache FAQ.

Each month we report on the new figures from the Netcraft survey of web sites. The September survey shows little change in the market share for Apache-based servers, taking over 61% of the market. Additionally this month, the survey extracts some data from the Netcraft commercial SSL survey. This survey looks only at sites that run secure servers. This gives a better idea of the real state of the market as each domain running a secure server needs its own distinct certificate from a third party such as Equifax, Thawte, or Verisign. In their normal survey it is easy for a single ISP to inadvertently skew the results if they have a single machine hosting many hundreds of thousands of sites (such as Freeserve in the UK).

The SSL survey for August 1999 shows that Microsoft are in the lead with 36% of the market. Apache with SSL is next with a 25% share. Stronghold from C2Net and Netscape both have 13% but with Stronghold slightly ahead.

The Apache Software Foundation has been listed as one of the 100 companies that matter by the Industry Standard this week. The article (not yet available online) presents their view of the most important companies in the Internet economy and lists the foundation alongside companies such as Sun, IBM and SGI.

Internet World (September 15th 1999) profiles Apache co-founder Brian Behlendorf in Open for Business. The article looks at the history of Apache as well as Brian's new open-source venture, SourceXchange. Unfortunately the article has some factual mistakes as it labels him as the spokesman for the group and Apache as "his" software.