httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@hyperreal.org
Subject cvs commit: apache-site/dist Announcement.html Announcement.txt HEADER.html README.html
Date Wed, 23 Sep 1998 10:17:52 GMT
rse         98/09/23 03:17:52

  Modified:    dist     Announcement.html Announcement.txt HEADER.html
                        README.html
  Log:
  Update dist/ area for Apache 1.3.2
  
  Revision  Changes    Path
  1.9       +21 -51    apache-site/dist/Announcement.html
  
  Index: Announcement.html
  ===================================================================
  RCS file: /export/home/cvs/apache-site/dist/Announcement.html,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- Announcement.html	1998/07/22 20:10:07	1.8
  +++ Announcement.html	1998/09/23 10:17:50	1.9
  @@ -1,40 +1,33 @@
   <HTML>
   <HEAD>
  -<TITLE>Apache 1.3.1 Released</TITLE>
  +<TITLE>Apache 1.3.2 Released</TITLE>
   </HEAD>
   <BODY>
   
  -<H1>Apache 1.3.1 Released</H1>
  +<H1>Apache 1.3.2 Released</H1>
   
   <P>
  -The Apache Group is pleased to announce the release of version 1.3.1 
  -of the Apache HTTP server.  
  +The Apache Group is pleased to announce the release of version
  +1.3.2 of the Apache HTTP server.  
   
   <P>
  -The changes in this release consist of UNIX portability fixes, Win32
  -security issues, and assorted other minor features or fixes.  
  +The changes in this release consist of Unix portability fixes,
  +DoS issues, Proxy and DSO enhancements, and assorted other minor
  +features or fixes.  Users should review the CHANGES file and
  +decide on their upgrade plans; We consider Apache 1.3.2 to be the
  +most stable version of Apache available.
   
   <P>
  -<B>WE URGE ALL USERS RUNNING ANY PREVIOUS VERSION OF APACHE ON WIN32
  -TO UPGRADE IMMEDIATELY.</B>
  +Apache 1.3.2 is available for download from
   
  -<P>
  -Users on other platforms should review the CHANGES file and decide
  -on their upgrade plans; the security issues apply only to Apache
  -on Win32.  We consider Apache 1.3.1 to be the most stable version
  -of Apache available.
  -
  -<P>
  -Apache 1.3.1 is available for download from
  -
   <UL>
   	<A HREF="http://www.apache.org/dist/">http://www.apache.org/dist/</A>
   </UL>
   
   <P>
  -Please see the CHANGES file in the same directory for a full list of 
  -changes.  The distribution is also available via any of the mirrors
  -listed at
  +Please see the CHANGES_1.3 file in the same directory for a full
  +list of changes.  The distribution is also available via any of
  +the mirrors listed at
   
   <UL>
   	<A HREF="http://www.apache.org/mirrors/">http://www.apache.org/mirrors/</A>
  @@ -49,17 +42,17 @@
   
   <P>
   In general, Apache 1.3 offers several substantial improvements
  -over version 1.2, including better performance, reliability
  -and a wider-range of supported platforms, including Windows 95 and
  -NT (which both fall under the "Win32" label).
  +over version 1.2, including better performance, reliability and a
  +wider-range of supported platforms, including Windows 95 and NT
  +(which both fall under the "Win32" label).
   
   <P>
   Apache is the most popular web-server in the known universe; over
  -half of the servers on the Internet are running Apache or one of its
  -variants.
  +half of the servers on the Internet are running Apache or one of
  +its variants.
   
   <P>
  -<B>IMPORTANT NOTE FOR WIN32 USERS:</B> Over the years, many users have
  +IMPORTANT NOTE FOR WIN32 USERS: Over the years, many users have
   come to trust Apache as a secure and stable server.  It must
   be realized that the current Win32 code has not yet reached these
   levels and should still be considered to be of beta quality.  Any
  @@ -68,29 +61,6 @@
   and resources by individuals and companies, we hope that the Win32
   version of Apache will grow stronger through the 1.3.x release
   cycle.
  -
  -<P>Versions of Apache on Win32 prior to version 1.3.1 are vulnerable
  -to a number of security holes common to several Win32 servers.
  -The problems that impact Apache include:
   
  -<UL>
  -	<LI> trailing "."s are ignored by the file system.  This allowed
  -	  certain types of access restrictions to be bypassed.
  -	<LI>directory names of three or more dots (eg. "...") are
  -    	  considered to be valid similar to "..".  This allowed people
  -	  to gain access to files outside of the configured document
  -	  trees.
  -</UL>
  -
  -<P>
  -There have been at least four other similar instances of the same
  -basic problem: on Win32, there is more than one name for a file.
  -Some of these names are poorly documented or undocumented, and even
  -Microsoft's own IIS has been vulnerable to many of these problems.
  -This behavior of the Win32 file system and API makes it very difficult
  -to insure future security; problems of this type have been known
  -about for years, however each specific instance has been discovered
  -individually.  It is unknown if there are other, yet unpublicized,
  -filename variants.  As a result, we recommend that you use extreme
  -caution when dealing with access restrictions on all Win32 web
  -servers.
  +</BODY>
  +</HTML>
  
  
  
  1.5       +20 -47    apache-site/dist/Announcement.txt
  
  Index: Announcement.txt
  ===================================================================
  RCS file: /export/home/cvs/apache-site/dist/Announcement.txt,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- Announcement.txt	1998/07/22 20:10:07	1.4
  +++ Announcement.txt	1998/09/23 10:17:51	1.5
  @@ -1,42 +1,37 @@
  -Apache 1.3.1 Released
  +Apache 1.3.2 Released
   =====================
   
  -The Apache Group is pleased to announce the release of version 1.3.1 
  -of the Apache HTTP server.  
  +The Apache Group is pleased to announce the release of version
  +1.3.2 of the Apache HTTP server.  
   
  -The changes in this release consist of UNIX portability fixes, Win32
  -security issues, and assorted other minor features or fixes.  
  +The changes in this release consist of Unix portability fixes,
  +DoS issues, Proxy and DSO enhancements, and assorted other minor
  +features or fixes.  Users should review the CHANGES file and
  +decide on their upgrade plans; We consider Apache 1.3.2 to be the
  +most stable version of Apache available.
   
  -WE URGE ALL USERS RUNNING ANY PREVIOUS VERSION OF APACHE ON WIN32
  -TO UPGRADE IMMEDIATELY.
  +Apache 1.3.2 is available for download from
   
  -Users on other platforms should review the CHANGES file and decide
  -on their upgrade plans; the security issues apply only to Apache
  -on Win32.  We consider Apache 1.3.1 to be the most stable version
  -of Apache available.
  +    http://www.apache.org/dist/
   
  -Apache 1.3.1 is available for download from
  +Please see the CHANGES_1.3 file in the same directory for a full
  +list of changes.  The distribution is also available via any of
  +the mirrors listed at
   
  -	http://www.apache.org/dist/
  +    http://www.apache.org/mirrors/
   
  -Please see the CHANGES file in the same directory for a full list of 
  -changes.  The distribution is also available via any of the mirrors
  -listed at
  -
  -	http://www.apache.org/mirrors/
  -
   For an overview of new features in 1.3 please see
   
  -	http://www.apache.org/docs/new_features_1_3.html
  +    http://www.apache.org/docs/new_features_1_3.html
   
   In general, Apache 1.3 offers several substantial improvements
  -over version 1.2, including better performance, reliability
  -and a wider-range of supported platforms, including Windows 95 and
  -NT (which both fall under the "Win32" label).
  +over version 1.2, including better performance, reliability and a
  +wider-range of supported platforms, including Windows 95 and NT
  +(which both fall under the "Win32" label).
   
   Apache is the most popular web-server in the known universe; over
  -half of the servers on the Internet are running Apache or one of its
  -variants.
  +half of the servers on the Internet are running Apache or one of
  +its variants.
   
   IMPORTANT NOTE FOR WIN32 USERS: Over the years, many users have
   come to trust Apache as a secure and stable server.  It must
  @@ -48,25 +43,3 @@
   version of Apache will grow stronger through the 1.3.x release
   cycle.
   
  -Versions of Apache on Win32 prior to version 1.3.1 are vulnerable
  -to a number of security holes common to several Win32 servers.
  -The problems that impact Apache include:
  -
  -	- trailing "."s are ignored by the file system.  This allowed
  -	  certain types of access restrictions to be bypassed.
  -	- directory names of three or more dots (eg. "...") are
  -    	  considered to be valid similar to "..".  This allowed people
  -	  to gain access to files outside of the configured document
  -	  trees.
  -
  -There have been at least four other similar instances of the same
  -basic problem: on Win32, there is more than one name for a file.
  -Some of these names are poorly documented or undocumented, and even
  -Microsoft's own IIS has been vulnerable to many of these problems.
  -This behavior of the Win32 file system and API makes it very difficult
  -to insure future security; problems of this type have been known
  -about for years, however each specific instance has been discovered
  -individually.  It is unknown if there are other, yet unpublicized,
  -filename variants.  As a result, we recommend that you use extreme
  -caution when dealing with access restrictions on all Win32 web
  -servers.
  
  
  
  1.4       +1 -1      apache-site/dist/HEADER.html
  
  Index: HEADER.html
  ===================================================================
  RCS file: /export/home/cvs/apache-site/dist/HEADER.html,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- HEADER.html	1998/07/22 20:14:45	1.3
  +++ HEADER.html	1998/09/23 10:17:51	1.4
  @@ -5,5 +5,5 @@
   closer mirror to you.<BR> 
   <A HREF="http://www.apache.org/dyn/closer.cgi">Go here to find it.</A>
   <H2>
  - Apache 1.3.1 for Win32 is now available.
  + Apache 1.3.2 for Unix and Win32 is now available.
   </H2>
  
  
  
  1.17      +4 -4      apache-site/dist/README.html
  
  Index: README.html
  ===================================================================
  RCS file: /export/home/cvs/apache-site/dist/README.html,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- README.html	1998/07/22 20:14:45	1.16
  +++ README.html	1998/09/23 10:17:51	1.17
  @@ -1,7 +1,7 @@
  -<H2>Apache 1.3.1 Released</H2>
  +<H2>Apache 1.3.2 Released</H2>
   
  -<P>Apache 1.3.1 is a maintenance release with numerous protocol bug
  -fixes.  For details, see the <A HREF="CHANGES_1.3">v1.3 CHANGES</A>
  +<P>Apache 1.3.2 is a maintenance release with numerous bug
  +fixes. For details, see the <A HREF="CHANGES_1.3">v1.3 CHANGES</A>
   file.
   
   <P>For information about new features in 1.3, see the 
  @@ -31,7 +31,7 @@
   distribution.</P>
   <PRE>e.g.
   % pgpk -a KEYS
  -% pgpv apache_1.3.1.tar.gz.asc
  +% pgpv apache_1.3.2.tar.gz.asc
   </PRE>
   
   <H2>Contributory Patches/Modules/Code</H2>
  
  
  

Mime
View raw message