I'm pleased to announce that mod_perl 2.0.8 is coming to a CPAN mirror near you, as well as the following Apache project website links (note that the Apache.org links may take a few hours to propagate to the mirrors).
Thanks to all the contributors on this version! http://apache.org/dist/perl/mod_perl-2.0.8.tar.gz http://apache.org/dist/perl/mod_perl-2.0.8.tar.gz.asc (pgp sig) file: $CPAN/authors/id/P/PH/PHRED/mod_perl-2.0.8.tar.gz size: 3790026 bytes md5: df89f50a39e93ba5054651c281483ffb =item 2.0.8 April 17, 2013 Perl 5.16.3's fix for a rehash-based DoS makes it more difficult to invoke the workaround for the old hash collision attack, which breaks mod_perl's t/perl/hash_attack.t. Patch from rt.cpan.org #83916 improves the fix previously applied as revision 1455340. [Zefram] On Perl 5.17.6 and above, hash seeding has changed, and HvREHASH has disappeared. Patch to update mod_perl accordingly from rt.cpan.org #83921. [Zefram] Restore build with Perl 5.8.1, 5.8.2 etc: take care to use $Config{useithreads} rather than $Config{usethreads}, and supply definitions of Newx and Newxz as necessary. [Steve Hay] On Perl 5.17.9, t/apache/read2.t fails because an "uninitialized value" warning is generated for the buffer being autovivified. This is because the sv_setpvn() that's meant to vivify the buffer doesn't perform set magic; the warning is generated by the immediately following SvPV_force(). Patch to fix this from rt.cpan.org #83922. [Zefram] Fix t/perl/hash_attack.t to work with Perl 5.14.4, 5.16.3 etc, which contain a fix for CVE-2013-1667 (memory exhaustion with arbitrary hash keys). This resolves rt.perl.org #116863, from where the patch was taken. [Hugo van der Sanden] use APR::Finfo instead of Perl's stat() in ModPerl::RegistryCooker to generate HTTP code 404 even if the requested filename contains newlines [Torsten] Remove all uses of deprecated core perl symbols. [Steve Hay] Add branch release tag to 'make tag' target. [Phred]
