In this issue

Apache Site: www.apache.org
Release: 1.3.9 (Released 20^th August 1999) (local download sites)
Beta: None

Apache 1.3.9 is the current stable release. Users of Apache 1.3.6 and earlier on Unix systems should upgrade to this version. Users of Apache on Windows can now upgrade to Apache 1.3.9 avoiding the previous problems with Apache 1.3.6. Read the Guide to 1.3.9 for information about changes between 1.3.6 and 1.3.9.

Most bugs listed below include a link to the entry in the Apache bug database where the problem is being tracked. These entries are called "PR"s (Problem Reports). Some bugs do not correspond to problem reports if they are found by developers.

These bugs have been found in 1.3.9 and will be fixed in the next release. Because of the major differences between Windows and Unix, these are separated into bugs which affect Windows systems only, and other bugs (which may affect Windows as well). Unix users can ignore the bugs listed in the Windows section.

Windows-specific Bugs

• Some text editors on Windows (and OS/2) add end-of-file markers to the end of files they create. Apache does not ignore these characters if found in configuration files, causing 'Invalid command' errors.

Other Bugs

• The spelling correction module, mod_speling does not correctly encode the replacement URI, leading to bad URL's being returned.
• The new digest authentication module, mod_auth_digest.c has a number of problems. Random data was not being obtained correctly on FreeBSD, URI's were not correctly escaped in the Authorization header, and domain attributes were being sent on Proxy authentication requests. PR#4967

Patches for bugs in Apache 1.3.9 will be made available in the apply_to_1.3.9 subdirectory of the patches directory on the Apache site. Some new features and other unofficial patches are available in the 1.3 patches directory. For details of all previously reported bugs, see the Apache bug database and known bugs pages. Many common configuration questions are answered in the Apache FAQ.

As well as using the standard CLF, Apache is able to log requests in custom formats. In order to give more control over the custom logging, new logging variables have been added. %m now logs the request method used (such as "GET" or "POST") and %H logs the request protocol (such as "HTTP/1.1").

Apache is the "Best Web Server" according to the first ever Linux World Editors' Choice Awards. They complimented Apache for being fast and stable, and noted that it enjoys "special popularity on Linux".

The award was presented during the Linux World conference, from where Apache member Brian Behlendorf gave an interview about the organisation, other open source projects, and the future of Apache.

A new secure server survey has been released by E-Soft this month [free registration required]. Stronghold is shown to have the highest market share at over 36% followed by other Apache SSL variants with just under 30%. As Stronghold is based on Apache, this gives a combined total for Apache-based servers of over 66%, the next highest being Microsoft with under 20% market share.

This survey shows significantly different results to the SSL survey from Netcraft reported in Apache Week issue #172. Netcraft show Microsoft to have the secure servers. These differences could be due to a sampling effect, as Netcraft surveys ten times more sites, or in the different way the surveys deal with sites which do not have valid third party certificates.