Return-Path: <striker@apache.org>
Mailing-List: contact announce-help@httpd.apache.org; run by ezmlm
Delivered-To: mailing list announce@httpd.apache.org
Delivered-To: moderator for announce@httpd.apache.org
Received: (qmail 12593 invoked by uid 99); 30 Jun 2004 23:29:23 -0000
X-ASF-Spam-Status: No, hits=0.0 required=10.0
	tests=
X-Spam-Check-By: apache.org
Received: from [213.84.19.217] (HELO localhost.localdomain) (213.84.19.217)
  by apache.org (qpsmtpd/0.27.1) with ESMTP; Wed, 30 Jun 2004 16:29:19 -0700
Received: by localhost.localdomain (Postfix, from userid 500)
	id A27C91C3C9A; Thu,  1 Jul 2004 01:28:48 +0200 (CEST)
Subject: [ANNOUNCE] Apache HTTP Server 2.0.50 Released
From: Sander Striker <striker@apache.org>
To: announce@httpd.apache.org
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Message-Id: <1088638128.1973.4.camel@localhost.localdomain>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.5 
Date: Thu, 01 Jul 2004 01:28:48 +0200
X-Virus-Checked: Checked


                   Apache HTTP Server 2.0.50 Released

   The Apache Software Foundation and the  The Apache HTTP Server Project are
   pleased to announce the release of version 2.0.50 of the Apache HTTP
   Server ("Apache").  This Announcement notes the significant changes
   in 2.0.50 as compared to 2.0.49.  The Announcement is also available in
   German from:
     
     http://www.apache.org/dist/httpd/Announcement2.txt.de

   This version of Apache is principally a bug fix release.  A summary of
   the bug fixes is given at the end of this document.  Of particular
   note is that 2.0.50 addresses two security vulnerabilities:

     A remotely triggered memory leak in http header parsing can allow a
     denial of service attack due to excessive memory consumption.
     [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493]

     Fixes a mod_ssl buffer overflow in the FakeBasicAuth code for a
     (trusted) client certificate subject DN which exceeds 6K in length.
     [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0488]
 
   This release is compatible with modules compiled for 2.0.42 and later
   versions.  We consider this release to be the best version of Apache
   available and encourage users of all prior versions to upgrade.

   Apache HTTP Server 2.0.50 is available for download from

     http://httpd.apache.org/download.cgi

   Please see the CHANGES_2.0 file, linked from the above page, for
   a full list of changes.

   Apache 2.0 offers numerous enhancements, improvements, and performance
   boosts over the 1.3 codebase.  For an overview of new features introduced
   after 1.3 please see

     http://httpd.apache.org/docs-2.0/new_features_2_0.html

   When upgrading or installing this version of Apache, please keep
   in mind the following:
   If you intend to use Apache with one of the threaded MPMs, you must
   ensure that the modules (and the libraries they depend on) that you
   will be using are thread-safe.  Please contact the vendors of these
   modules to obtain this information.