According to http://httpd.apache.org/: This version of Apache is principally a bug fix release. Of particular note is that 2.0.50 addresses one security vulnerability:
A remotely triggered memory leak in http header parsing can allow a denial of service attack due to excessive memory consumption. [CAN-2004-0493] Fixes a mod_ssl buffer overflow in the FakeBasicAuth code for a (trusted) client certificate subject DN which exceeds 6K in length. [CAN-2004-0488] If 2.0.50 addresses "one security vulnerability", why are two listed? I thought CAN-2004-0488 was for 1.3.x? -- albert chin ([EMAIL PROTECTED])