httpd-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Querna <pque...@apache.org>
Subject Apache HTTP Server 2.1.6-alpha Released
Date Tue, 28 Jun 2005 01:36:02 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

              Apache HTTP Server 2.1.6-alpha Released

The Apache Software Foundation and The Apache HTTP Server Project are
pleased to announce the release of version 2.1.6-alpha of the Apache
HTTP Server ("Apache"). This alpha release should not be presumed to
be compatible with binaries built against any prior or future version.

The 2.1.6-alpha release addresses a security vulnerability present
in all previous 2.x versions.  This fault did not affect Apache 1.3.x
(which did not proxy keepalives or chunked transfer encoding);

    Proxy HTTP: If a response contains both Transfer-Encoding
    and a Content-Length, remove the Content-Length to eliminate
    an HTTP Request Smuggling vulnerability and don't reuse the
    connection, stopping some HTTP Request Spoofing attacks.

The Apache HTTP Server Project thanks the Watchfire team of Linhart,
Klein, Heled and Orrin for the responsible notification and disclosure
of this information.

Apache HTTP Server 2.1.6-alpha is available for download from:

   http://httpd.apache.org/download.cgi

Please see the CHANGES_2.1 file, linked from the above page, for a full
list of changes.

Apache 2.1 offers numerous enhancements, improvements, and performance
boosts over the 2.0 codebase.  For an overview of new features
introduced after 2.0 please see:

  http://httpd.apache.org/docs-2.1/new_features_2_2.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFCwKmC94h19kJyHwARAvBgAJ9yv/vSYThPd3+BA5axX5B6eKuC2QCfUqXm
zCsd3SPiLcSnSTDE0r1844I=
=G1cX
-----END PGP SIGNATURE-----

Mime
View raw message