Welcome!

Apache Authors: Maureen O'Gara, John Savageau, Suresh Krishna Madhuvarsu, Jason Weathersby, Reuven Cohen

Related Topics: Apache, Open Source

Apache: Article

Apache Server Release Fixes Bugs

Foundation Points Out Optimization of 1.3 for Unix
By Apache News Desk
Article Rating:
October 18, 2005 09:45 PM EDT
Reads:
 15,609
The Apache Software Foundation and The Apache HTTP Server Project have released version 1.3.34 of the Apache HTTP
Server. This version of Apache is principally a bug and security fix  release, according to the Foundation.

Of particular note is that 1.3.34 addresses and fixes a pair of potential security issues:

o If a request contains both Transfer-Encoding and Content-Length headers, remove the Content-Length, mitigating
some HTTP Request Splitting/Spoofing attacks.

o Added TraceEnable [on|off|extended] per-server directive to alter the behavior of the TRACE method.

The Foundation says it "considers Apache 1.3.34 to be the best version of Apache 1.3 availableand we strongly recommend that users of older versions, especially of the 1.1.x and 1.2.x family, upgrade as soon as possible. No further
releases will be made in the 1.2.x family."

The Foundation also noted that "Apache 1.3 was designed for  Unix OS variants. While the ports to non-Unix platforms (such as Win32,  Netware or OS2) are of an acceptable quality, Apache 1.3 is not optimized  for these platforms. Security, stability, or performance issues on these non-Unix ports do not generally apply to the Unix version, due to software's Unix origin."

By comparison, Apache 2.0 has been structured for multiple operating systems  from its inception, by introducing the Apache Portability Library and MPM modules. Users on Unix and non-Unix platforms are strongly encouraged to move up to Apache 2.0 for better performance, stability and security on their platforms. "We consider Apache 2.0.55 to be the best available  version at the time of this release," the Foundation says. "We offer Apache 1.3.34 as the best legacy version of Apache 1.3 available, and strongly recommend that users who require compatibility with existing Apache 1.3 installations should upgrade as soon as possible. Users should first consider  upgrading to he current release of Apache 2 instead."

Published October 18, 2005 – Reads 15,609
Copyright © 2005 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.

More Stories By Apache News Desk

Apache News Desk trawls the world's news information sources and brings you timely updates on the Apache Software Foundation community of open-source software projects, Ant, Beehive, Cocoon, Harmony, Jakarta, Maven, and Tomcat.

Comments (1) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

Most Recent Comments
Enterprise Open Source Magazine News Desk 10/18/05 09:54:53 PM EDT

Enterprise Open Source Magazine - Apache Server Release Fixes Bugs. The Apache Software Foundation and The Apache HTTP Server Project have announced the release of version 1.3.34 of the Apache HTTP Server, with significant changes in 1.3.34 as compared to 1.3.33, primarily bug fixes and security fixes, according to the Foundation.