Apache HTTPD 2.4.3 Stable



4 May 2008

Apache HTTPD 2.2.22 Stable Windows
Apache HTTPD 2.4.3 Stable Linux

Apache is a GNU-licensed, that is, open-source, server program.

It can run on the Unix, GNU, FreeBSD, Linux, Solaris, Novell NetWare, Mac OS X, Microsoft Windows, OS/2, TPF, and eComStation operating systems. New versions are generally released with updates every month. It has played a key role in the expansion and spread of the World Wide Web. Since April 1996, Apache has been the most widely used web server on the Internet. As of June 2008, according to Netcraft's survey, which collected data from 172,338,726 websites, 49.12% of the sites on the Internet use Apache, a figure reached after a decline from the historic peak of around 70% in November 2005. [1] The graph on Netcraft's site makes it clear that this decline in Apache usage is due to the increased use of Microsoft servers.

Netcraft's site also shows that GWS ("Google Web Server"), Google's own web server, has been rising sharply for roughly the past year. It has been confirmed that GWS is an Apache build compiled with modified "server headers". [2]

The rise in GWS's share is thought to be because Google, which already has a very large number of servers, has started using GWS.


Changes with Apache 2.4.3

*) SECURITY: CVE-2012-3502 (cve.mitre.org)
mod_proxy_ajp, mod_proxy_http: Fix an issue in back end
connection closing which could lead to privacy issues due
to a response mixup. PR 53727. [Rainer Jung]

*) SECURITY: CVE-2012-2687 (cve.mitre.org)
mod_negotiation: Escape filenames in variant list to prevent a
possible XSS for a site where untrusted users can upload files to
a location with MultiViews enabled. [Niels Heinen <heinenn google.com>]

*) mod_authnz_ldap: Don't try a potentially expensive nested groups
search before exhausting all AuthLDAPGroupAttribute checks on the
current group. PR 52464 [Eric Covener]

*) mod_lua: Add new directive LuaAuthzProvider to allow implementing an
authorization provider in lua. [Stefan Fritsch]

*) core: Be less strict when checking whether Content-Type is set to
"application/x-www-form-urlencoded" when parsing POST data,
or we risk losing data with an appended charset. PR 53698
[Petter Berntsen <petterb gmail.com>]

*) httpd.conf: Added configuration directives to set a bad_DNT environment
variable based on User-Agent and to remove the DNT header field from
incoming requests when a match occurs. This currently has the effect of
removing DNT from requests by MSIE 10.0 because it deliberately violates
the current specification of DNT semantics for HTTP. [Roy T. Fielding]

*) mod_socache_shmcb: Fix bus error due to a misalignment
in some 32 bit builds, especially on Solaris Sparc.
PR 53040. [Rainer Jung]

*) mod_cache: Set content type in case we return stale content.
[Ruediger Pluem]

*) Windows: Fix SSL failures on windows with AcceptFilter https none.
PR 52476. [Jeff Trawick]

*) ab: Fix read failure when targeting SSL server. [Jeff Trawick]

*) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR:
- mod_auth_digest: shared memory file
[Jeff Trawick]

*) htpasswd: Use correct file mode for checking if file is writable.
PR 45923. [Stefan Fritsch]

*) mod_rewrite: Fix crash with dbd RewriteMaps. PR 53663. [Mikhail T.
<mi apache aldan algebra com>]

*) mod_ssl: Add new directive SSLCompression to disable TLS-level
compression. PR 53219. [Björn Jacke <bjoern j3e de>, Stefan Fritsch]

*) mod_lua: Add a few missing request_rec fields. Rename remote_ip to
client_ip to match conn_rec. [Stefan Fritsch]

*) mod_lua: Change prototype of vm_construct, to work around gcc bug which
causes a segfault. PR 52779. [Dick Snippe <Dick Snippe tech omroep nl>]

*) mpm_event: Don't count connections in lingering close state when
calculating how many additional connections may be accepted.
[Stefan Fritsch]

*) mod_ssl: If exiting during initialization because of a fatal error,
log a message to the main error log pointing to the appropriate
virtual host error log. [Stefan Fritsch]

*) mod_proxy_ajp: Reduce memory usage in case of many keep-alive requests on
one connection. PR 52275. [Naohiro Ooiwa <naohiro ooiwa miraclelinux com>]

*) mod_proxy_balancer: Restore balancing after a failed worker has
recovered when using lbmethod_bybusyness. PR 48735. [Jeff Trawick]

*) mod_setenvif: Compile some global regex only once during startup.
This should save some memory, especially with .htaccess.
[Stefan Fritsch]

*) core: Add the port number to the vhost's name in the scoreboard.
[Stefan Fritsch]

*) mod_proxy: Fix ProxyPassReverse for balancer configurations.
PR 45434. [Joe Orton]

*) mod_lua: Add the parsebody function for parsing POST data. PR 53064.
[Daniel Gruno]

*) apxs: Use LDFLAGS from config_vars.mk in addition to CFLAGS and CPPFLAGS.
[Stefan Fritsch]

*) mod_proxy: Fix memory leak or possible corruption in ProxyBlock
implementation. [Ruediger Pluem, Joe Orton]

*) mod_proxy: Check hostname from request URI against ProxyBlock list,
not forward proxy, if ProxyRemote* is configured. [Joe Orton]

*) mod_proxy_connect: Avoid DNS lookup on hostname from request URI
if ProxyRemote* is configured. PR 43697. [Joe Orton]

*) mpm_event, mpm_worker: Remain active amidst prevalent child process
resource shortages. [Jeff Trawick]

*) Add "strict" and "warnings" pragmas to Perl scripts. [Rich Bowen]

*) The following now respect DefaultRuntimeDir/DEFAULT_REL_RUNTIMEDIR:
- core: the scoreboard (ScoreBoardFile), pid file (PidFile), and
mutexes (Mutex)
[Jim Jagielski]

*) ab: Fix bind() errors. [Joe Orton]

*) mpm_event: Don't do a blocking write when starting a lingering close
from the listener thread. PR 52229. [Stefan Fritsch]

*) mod_so: If a filename without slashes is specified for LoadFile or
LoadModule and the file cannot be found in the server root directory,
try to use the standard dlopen() search path. [Stefan Fritsch]

*) mpm_event, mpm_worker: Fix cases where the spawn rate wasn't reduced
after child process resource shortages. [Jeff Trawick]

*) mpm_prefork: Reduce spawn rate after a child process exits due to
unexpected poll or accept failure. [Jeff Trawick]

*) core: Log value of Status header line in script responses rather
than the fixed header name. [Chris Darroch]

*) mpm_ssl: Fix handling of empty response from OCSP server.
[Jim Meyering <meyering redhat.com>, Joe Orton]

*) mpm_event: Fix handling of MaxConnectionsPerChild. [Stefan Fritsch]

*) mod_authz_core: If an expression in "Require expr" returns denied and
references %{REMOTE_USER}, trigger authentication and retry. PR 52892.
[Stefan Fritsch]

*) core: Always log if LimitRequestFieldSize triggers. [Stefan Fritsch]

*) mod_deflate: Skip compression if compression is enabled at SSL level.
[Stefan Fritsch]

*) core: Add missing HTTP status codes registered with IANA.
[Julian Reschke <julian.reschke gmx.de>, Rainer Jung]

*) mod_ldap: Treat the "server unavailable" condition as a transient
error with all LDAP SDKs. [Filip Valder <filip.valder vsb.cz>]

*) core: Fix spurious "not allowed here" error returned when the Options
directive is used in .htaccess and "AllowOverride Options" (with no
specific options restricted) is configured. PR 53444. [Eric Covener]

*) mod_authz_core: Fix parsing of Require arguments in <AuthzProviderAlias>.
PR 53048. [Stefan Fritsch]

*) mod_log_config: Fix %{abc}C truncating cookie values at first "=".
PR 53104. [Greg Ames]

*) mod_ext_filter: Fix error_log spam when input filters are configured.
[Joe Orton]

*) mod_rewrite: Add "AllowAnyURI" option. PR 52774. [Joe Orton]

*) htdbm, htpasswd: Don't crash if crypt() fails (e.g. with FIPS enabled).
[Paul Wouters <pwouters redhat.com>, Joe Orton]

*) core: Use a TLS 1.0 close_notify alert for internal dummy connection if
the chosen listener is configured for https. [Joe Orton]

*) mod_proxy: Use the same hostname for SNI as for the HTTP request when
forwarding to SSL backends. PR 53134.
[Michael Weiser <michael weiser.dinsnail.net>, Ruediger Pluem]

*) mod_info: Display all registered providers. [Stefan Fritsch]

*) mod_ssl: Send the error message for speaking http to an https port using
HTTP/1.0 instead of HTTP/0.9, and omit the link that may be wrong when
using SNI. PR 50823. [Stefan Fritsch]

*) core: Fix segfault in logging if r->useragent_addr or c->client_addr is
unset. PR 53265. [Stefan Fritsch]

*) log_server_status: Bring Perl style forward to the present, use
standard modules, update for new format of server-status output.
PR 45424. [Richard Bowen, Dave Brondsema, and others]

*) mod_sed, mod_log_debug, mod_rewrite: Symbol namespace cleanups.
[Joe Orton, André Malo]

*) core: Prevent "httpd -k restart" from killing server in presence of
config error. [Joe Orton]

*) mod_proxy_fcgi: If there is an error reading the headers from the
backend, send an error to the client. PR 52879. [Stefan Fritsch]
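
As an added example (not part of the original post and not Apache project code): a small Python audit for two configuration points named in the changelog above, locations with MultiViews enabled (the precondition in the CVE-2012-2687 entry) and TLS-level compression left on (the SSLCompression entry). The sample configuration, the `audit` function and all paths are constructed for illustration.

```python
import re

# Constructed sample configuration for illustration (not from the post).
SAMPLE_CONF = """\
ServerRoot "/usr/local/apache2"
SSLCompression on
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
<Directory "/var/www/uploads">
    Options +MultiViews -Indexes
</Directory>
<Directory "/var/www/docs">
    Options All MultiViews
</Directory>
<Directory "/var/www/static">
    Options -MultiViews
</Directory>
"""

# Container sections whose Options apply to served files.
OPEN = re.compile(r'<(?:Directory|Location|Files)\w*\s+"?([^">]+)"?\s*>', re.I)
CLOSE = re.compile(r'</(?:Directory|Location|Files)\w*>', re.I)

def audit(conf_text):
    """Return (line, scope, finding) tuples for the two settings checked."""
    findings, scope = [], ["(server config)"]
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN.match(line)
        if opened:
            scope.append(opened.group(1))
        elif CLOSE.match(line):
            if len(scope) > 1:
                scope.pop()
        else:
            name, *args = line.lower().split()
            # "Options All" does not include MultiViews; it must be named.
            if name == "options" and {"multiviews", "+multiviews"} & set(args):
                findings.append((lineno, scope[-1], "MultiViews enabled"))
            elif name == "sslcompression" and args[:1] != ["off"]:
                findings.append((lineno, scope[-1], "TLS compression not disabled"))
    return findings

if __name__ == "__main__":
    for lineno, scope, finding in audit(SAMPLE_CONF):
        print(f"line {lineno}: {scope}: {finding}")
```

The audit reads a single configuration text; it does not follow Include directives or .htaccess files, so those need to be passed in separately.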
