Is the final 2.0.52 identical to httpd-2.0.52-rc1.tar.gz (including
version strings, etc)?
[Just anxious to get cracking on 2.0.52 binaries.]
--
Jess Holle
William A. Rowe, Jr. wrote:
Comments anyone?
Seeing all +1's and no objections, I'm planning to push this out
in the next hour or two.
Bill
Apache HTTP Server 2.0.52 Released
The Apache Software Foundation and the The Apache HTTP Server Project are
pleased to announce the release of version 2.0.52 of the Apache HTTP
Server ("Apache"). This Announcement notes the significant changes
in 2.0.52 as compared to 2.0.51.
This version of Apache is principally a bug fix release. Of
particular note is that 2.0.52 addresses one new security related
flaw introduced in 2.0.51:
Fix merging of the Satisfy directive, which was applied to
the surrounding context and could allow access despite configured
authentication.
[http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0811]
The Apache HTTP Server Project would like to thank Rici Lake for
identification and a proposed fix of this flaw.
This release is compatible with modules compiled for 2.0.42 and
later versions. We consider this release to be the best version of
Apache available and encourage users of all prior versions to
upgrade.
Apache HTTP Server 2.0.52 is available for download from
http://httpd.apache.org/download.cgi?update=200409150645
Please see the CHANGES_2.0 file, linked from the above page, for
a full list of changes.
Apache 2.0 offers numerous enhancements, improvements, and performance
boosts over the 1.3 codebase. For an overview of new features introduced
after 1.3 please see
http://httpd.apache.org/docs-2.0/new_features_2_0.html
When upgrading or installing this version of Apache, please keep
in mind the following:
If you intend to use Apache with one of the threaded MPMs, you must
ensure that the modules (and the libraries they depend on) that you
will be using are thread-safe. Please contact the vendors of these
modules to obtain this information.
|
