The new Apache release is available for immediate testing. Please reply-to [EMAIL PROTECTED] with any observed variance between this version and your previous experience with Apache 2.0.36 and 2.0.35 releases.
The packages, until General Availability release tomorrow early a.m. will be at; http://httpd.apache.org/dev/dist/ .tar.gz and .tar.Z files are for Unix builds, -win32-src.zip file is for the Windows builders [with cr/lf line endings.] Win32 .exe and .msi installer packages are online for testing as well. Excerpting tomorrow's announcement; This version of Apache is principally a security and bug fix release. A summary of the bug fixes is given at the end of this document. Of particular note is that 2.0.39 addresses and fixes the issues noted in CAN-2002-0392 (mitre.org) [CERT VU#944335] regarding a vulnerability in the handling of chunked transfer encoding. We would like to thank Mark Litchfield of ngssoftware.com for discovering and reporting the vulnerability. Expect a followup announcement early tommorow of the Apache 1.3.25 release candidate.
