Friday, February 3, 2012

Apache Releases v2.2.22 for Apache HTTP Server

The release of Apache HTTP Server v2.2.22 has just been announced by both the Apache Software Foundation and the Apache HTTP Server Project. The Apache HTTP Server Project has stated that this release is definitely the best version of Apache HTTP Server released so far and is encouraging all of its users to upgrade as soon as possible.

Version 2.2.22 of Apache HTTP Server is mainly an update that fixes security issues and bugs, and a number of significant security fixes are included. These include:

  • Reject requests when the request-URL doesn't match the HTTP specification.

  • Fix integer overflow in ap_pregsub().

  • Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule.

  • Fix segfault when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a DoS.

  • Fix scoreboard issue which could allow an unprivileged child process to cause the parent process to crash and shut down instead of terminating cleanly.

  • Fixed an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400.

Version 2.2.22 of Apache HTTP Server is currently available for download. The CHANGES_2.2 file, which is found on the download page, has the entire list of everything that is changed in v2.2.22, and a condensed list, known as CHANGES_2.2.22, includes only those changes since the prior release of v2.2. You can also view a summary of all the security vulnerabilities addressed in this release, as well as in earlier releases.

The summary includes version 1.4.5 of Apache Portable Runtime (APR) as well as APR Utility Library (APR-util) version 1.4.2, which is also paired with the tar and zip distributions. The Apache Portable Runtime libraries libapr and libaprutil, and on Win32 libapriconv v1.2.1, must all be updated for binary compatibility and to address many known security and platform bugs.

Whenever you do decide to upgrade or install v2.2.22, keep in mind that if you are going to be using Apache HTTP Server with a threaded MPM other than the Prefork MPM, you need to ensure that all modules you will be using, as well as their libraries, are thread-safe.

Source: - Apache HTTP Server 2.2.22 Released
Server Watch - Apache HTTP Server 2.2.22 Released
