httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mar...@apache.org
Subject cvs commit: apache-site/dist Announcement.html Announcement.txt
Date Mon, 26 Feb 2001 15:22:10 GMT
martin      01/02/26 07:22:10

  Modified:    dist     Announcement.html Announcement.txt
  Log:
  Update announcements to 1.3.19
  
  Revision  Changes    Path
  1.22      +107 -79   apache-site/dist/Announcement.html
  
  Index: Announcement.html
  ===================================================================
  RCS file: /home/cvs/apache-site/dist/Announcement.html,v
  retrieving revision 1.21
  retrieving revision 1.22
  diff -u -u -r1.21 -r1.22
  --- Announcement.html	2001/01/30 02:10:30	1.21
  +++ Announcement.html	2001/02/26 15:22:08	1.22
  @@ -1,108 +1,136 @@
   <HTML>
  -<HEAD><TITLE>Apache 1.3.17 Released</TITLE></HEAD><BODY>
  +<HEAD><TITLE>Apache 1.3.19 Released</TITLE></HEAD>
  +<BODY BGCOLOR=white>
   
  -<h1>Apache 1.3.17 Released</h1>
  +                <h1 align=center>Apache 1.3.19 Released</h1>
   
  -The Apache Software Foundation and The Apache Server Project are
  -pleased to announce the release of version 1.3.17 of the Apache HTTP
  -server. Version 1.3.15 was not released due to problems when
  -tagging the tree. Version 1.3.16 was not released due to
  -some last minute bug fixes required after it was tagged.
  -<p>
  -This version of Apache is primarily a bug fix release, addressing
  -some broken functionality present in the 1.3.14 release and
  -various Win32 issues. There are, however, a few new features and
  -improvements. A summary of the new features is given at the end of
  -this document.
  -<p>
  -We consider Apache 1.3.17 to be the best version of Apache available
  -and we strongly recommend that users of older versions, especially of
  -the 1.1.x and 1.2.x family, upgrade as soon as possible. No further
  -releases will be made in the 1.2.x family.
  +   The Apache Software Foundation and The Apache Server Project are
  +   pleased to announce the release of version 1.3.19 of the Apache HTTP
  +   server. (Version 1.3.18 was not released due to an incorrect fix
  +   addressing hostnames with url-escaped characters. A corrected fix will
  +   be included in the next release)
  +<p>
  +   This version of Apache is primarily a security fix release
  +   addressing a problem which could lead to a direcvtory listing being
  +   displayed in place of an error message. Also, it fixes    
  +   some broken functionality present in the 1.3.17 release and
  +   various Win32 issues.
  +   A summary of the new features is given at the end of this document.
  +<p>
  +   We consider Apache 1.3.19 to be the best version of Apache available
  +   and we strongly recommend that users of older versions, especially of
  +   the 1.1.x and 1.2.x family, upgrade as soon as possible. No further
  +   releases will be made in the 1.2.x family.
   <p>
  -Apache 1.3.17 is available for download from
  +   Apache 1.3.19 is available for download from
   <blockquote>
  -    <a href="http://httpd.apache.org/dist/">http://httpd.apache.org/dist/</a>
  +     <a href="http://httpd.apache.org/dist/">http://httpd.apache.org/dist/</a>
   </blockquote>
  -Please see the <a href="http://httpd.apache.org/dist/CHANGES_1.3">CHANGES_1.3</a>
file 
  -in the same directory for a full list of changes.
  +   Please see the <a href="http://httpd.apache.org/dist/CHANGES_1.3">CHANGES_1.3</a>
file in the same directory for a full list
  +   of changes.
   <p>
   
  -Binary distributions are available from
  +   Binary distributions are available from
   <blockquote>
  -   <a href="http://httpd.apache.org/dist/binaries/">http://httpd.apache.org/dist/binaries/</a>
  +     <a href="http://httpd.apache.org/dist/binaries/">http://httpd.apache.org/dist/binaries/</a>
   </blockquote>
  -
  -As of Apache 1.3.12 binary distributions contain all standard Apache
  -modules as shared objects (if supported by the platform) and include
  -full source code.  Installation is easily done by executing the
  -included install script.  See the README.bindist and INSTALL.bindist
  -files for a complete explanation.  Please note that the binary
  -distributions are only provided for your convenience and current
  -distributions for specific platforms are not always available.
  -<p>
  -The source and binary distributions are also available via any of the
  -mirrors listed at
  -
  +   The source and binary distributions are also available via any of the
  +   mirrors listed at
   <blockquote>
  -    <a href="http://www.apache.org/mirrors/">http://www.apache.org/mirrors/</a>
  +     <a href="http://www.apache.org/mirrors/">http://www.apache.org/mirrors/</a>
   </blockquote>
   
  -For an overview of new features in 1.3 please see
  +   As of Apache 1.3.12 binary distributions contain all standard Apache
  +   modules as shared objects (if supported by the platform) and include
  +   full source code. Installation is easily done by executing the
  +   included install script. See the README.bindist and INSTALL.bindist
  +   files for a complete explanation. Please note that the binary
  +   distributions are only provided for your convenience and current
  +   distributions for specific platforms are not always available.
  +<p>
  +   As of Apache 1.3.17 the Win32 binary distribution is now based on the
  +   Microsoft Installer (.MSI) technology.  This change occured in order
  +   to resolve the many problems WinME and Win2K users experienced with
  +   the older InstallShield-based installer .exe file.  Development
  +   continues to make this new installation method more robust, questions
  +   should be directed at the news:comp.infosystems.www.servers.ms-windows
  +   news group.  Apache 1.3.17 for Win32 also marked the first 'initial 
  +   release quality' version available for Win32, and users are strongly
  +   discouraged from using the older 'beta quality releases'.
  +<p>
  +   For an overview of new features introduced after 1.2 please see
   <blockquote>
  -    <a href="http://httpd.apache.org/docs/new_features_1_3.html">http://httpd.apache.org/docs/new_features_1_3.html</a>
  +     <a href="http://httpd.apache.org/docs/new_features_1_3.html">http://httpd.apache.org/docs/new_features_1_3.html</a>
   </blockquote>
  -
  -In general, Apache 1.3 offers several substantial improvements
  -over version 1.2, including better performance, reliability and a
  -wider range of supported platforms, including Windows 95/98 and NT
  -(which fall under the "Win32" label).
  -<p>
  -Apache is the most popular web server in the known universe; over
  -half of the servers on the Internet are running Apache or one of
  -its variants.
  -<p>
  -
  -<FONT COLOR=red>IMPORTANT NOTE FOR WIN32 USERS:</font> 
  -Over the years, many users have
  -come to trust Apache as a secure and stable server.  It must
  -be realized that the current Win32 code has not yet reached the
  -levels of the Unix version, but is of acceptable quality. Any
  -Win32 stability or security problems do not impact, in any way,
  -Apache on other platforms.  
   
  -<h1>Apache 1.3.17 Major changes</h1>
  +   In general, Apache 1.3 offers several substantial improvements over
  +   version 1.2, including better performance, reliability and a wider
  +   range of supported platforms, including Windows 95/98 and NT (which
  +   fall under the "Win32" label).
  +<p>
  +   Apache is the most popular web server in the known universe; over half
  +   of the servers on the Internet are running Apache or one of its
  +   variants.
  +<p>
  +
  +   <FONT COLOR=red>IMPORTANT NOTE FOR WIN32 USERS:</font> 
  +   Over the years, many users have come
  +   to trust Apache as a secure and stable server. It must be realized
  +   that the current Win32 code has not yet reached the levels of the Unix
  +   version, but is of acceptable quality. Any Win32 stability or security
  +   problems do not impact, in any way, Apache on other platforms.
  +<p>
  +               <h1 align=center>Apache 1.3.19 Major changes</h1>
   
  +   The primary security fix is:
  +   <ul>
  +     <li> The default installation could lead mod_negotiation and mod_dir or
  +       mod_autoindex to display a directory listing instead of the 
  +       multiview'ed index.html.* files, if a very long path was created 
  +       artificially by using many slashes.  Now 403 FORBIDDEN is returned.
  +   </ul>
  +<p>
      The bug fixes are:
      <ul>
  -     <li>Correct handling of request byte ranges as specified by RFC 2616.
  -     <li>Restore functionality broken by the <tt>mod_rewrite</tt> security
fix:
  -       rewrite map lookup keys and default values are now expanded
  -       so that the lookup can depend on the requested URI etc.
  -     <li>PHP now works under Unixware 7.
  -     <li>Eliminate caching problems of <tt>mod_autoindex</tt> results.
  -     <li>Win32 CGI execution on all Windows platforms is corrected.
  -     <li>NetWare file and path fixes.
  -   </ul> 
  +     <li> The ServerRoot directive now removes trailing slashes.
  +     <li> Restore functionality broken by the mod_rewrite security fix:
  +       The mod_rewrite string arithmetic is corrected for rewrite map.
  +     <li> Some possible segfault conditions have been fixed.
  +     <li> Under certain circumstances, Apache did not supply the
  +       right response headers when requiring authentication.
  +   </ul>
  +<p>
      The main new features include:
      <ul>
  -     <li>Add a new <tt>LogFormat</tt> directive, <tt>%c</tt>.
  -     <li><tt>mod_status</tt> now respects <tt>?refresh=n</tt>
of 1 or greater.
  -     <li><tt>mod_autoindex</tt> fixes browser caching by sending LastModified
  -       and ETag headers if <tt>IndexOptions TrackModified</tt> is enabled.
  +     <li> New configuration error reporting if the UserDir argument is set
  +       to a relative path on Win32 or Netware [which do not support home
  +       directories], or a relative path on any platform if that path
  +       includes the '*' username substitution.
      </ul>
  +<p>
      Selected new features that relate to Windows platforms:
      <ul>
  -     <li>Complete handling of ScriptInterpreterSource Registry execution.
  -     <li>NT and 2000 services can be started with -D FOO style options.
  -     <li>The close console window button/menu option on 95 and 98 works.
  +     <li> Apache on Win9x now ensures the service is stopped before removal.
  +     <li> Test httpd.conf (-t) now holds the console open on "SYNTAX OK".
  +     <li> Apache/Win32 no longer holds open the console on error unless
  +       it was invoked from a shortcut with the -w option.
  +     <li> mod_user was significantly refactored to assure that the UserDir
  +       directive is parsed effectively the same across platforms, fixing
  +       a UserDir bug introduced in 1.3.17 on the Win32 platform.
      </ul>
  +<p>
      Selected new features relating to other platforms:
      <ul>
  -     <li>Better discovery of <tt>dbm_open()</tt> under Linux.
  -     <li>Linux 2.2.x and later do not need a serialised single listener.
  +     <li> Netware problems with file extension truncatation are resolved.
  +     <li> Netware recognizes the SERVER/VOLUME:/PATH/FILE filename pattern.
  +     <li> Netware mod_tls properly disables nagle for SSL connections,
  +       and properly negotiates SSL based on the port.
  +     <li> Startup and Shutdown issues were addressed on TPF.
      </ul>
  -
  -
  -
  +<p>
  +<hr>
  +  <TABLE WIDTH="100%" CELLSPACING=0 CELLPADDING=0>
  +    <TR><TD VALIGN=top ALIGN=left>Thank you for using Apache!</TD>
  +    <TD VALIGN=top ALIGN=right><A HREF="http://httpd.apache.org"><IMG BORDER=0
SRC="apache_pb.gif" ALIGN=top></A></TD></TR>
  +   </TABLE>
   </BODY></HTML>
  
  
  
  1.15      +59 -37    apache-site/dist/Announcement.txt
  
  Index: Announcement.txt
  ===================================================================
  RCS file: /home/cvs/apache-site/dist/Announcement.txt,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -u -r1.14 -r1.15
  --- Announcement.txt	2001/01/30 02:10:30	1.14
  +++ Announcement.txt	2001/02/26 15:22:09	1.15
  @@ -1,24 +1,25 @@
   
  -                            Apache 1.3.17 Released
  +                            Apache 1.3.19 Released
                                          
      The Apache Software Foundation and The Apache Server Project are
  -   pleased to announce the release of version 1.3.17 of the Apache HTTP
  -   server. Version 1.3.15 was not released due to problems when
  -   tagging the tree. Version 1.3.16 was not released due to
  -   some last minute bug fixes required after it was tagged.
  -   
  -   This version of Apache is primarily a bug fix release, addressing
  -   some broken functionality present in the 1.3.14 release and
  -   various Win32 issues. There are, however, a few new features and
  -   improvements. A summary of the new features is given at the end of
  -   this document.
  +   pleased to announce the release of version 1.3.19 of the Apache HTTP
  +   server. (Version 1.3.18 was not released due to an incorrect fix
  +   addressing hostnames with url-escaped characters. A corrected fix will
  +   be included in the next release)
  +   
  +   This version of Apache is primarily a security fix release
  +   addressing a problem which could lead to a direcvtory listing being
  +   displayed in place of an error message. Also, it fixes    
  +   some broken functionality present in the 1.3.17 release and
  +   various Win32 issues.
  +   A summary of the new features is given at the end of this document.
      
  -   We consider Apache 1.3.17 to be the best version of Apache available
  +   We consider Apache 1.3.19 to be the best version of Apache available
      and we strongly recommend that users of older versions, especially of
      the 1.1.x and 1.2.x family, upgrade as soon as possible. No further
      releases will be made in the 1.2.x family.
      
  -   Apache 1.3.17 is available for download from
  +   Apache 1.3.19 is available for download from
      
        http://httpd.apache.org/dist/
        
  @@ -29,6 +30,11 @@
      
        http://httpd.apache.org/dist/binaries/
        
  +   The source and binary distributions are also available via any of the
  +   mirrors listed at
  +   
  +     http://www.apache.org/mirrors/
  +     
      As of Apache 1.3.12 binary distributions contain all standard Apache
      modules as shared objects (if supported by the platform) and include
      full source code. Installation is easily done by executing the
  @@ -37,12 +43,17 @@
      distributions are only provided for your convenience and current
      distributions for specific platforms are not always available.
      
  -   The source and binary distributions are also available via any of the
  -   mirrors listed at
  +   As of Apache 1.3.17 the Win32 binary distribution is now based on the
  +   Microsoft Installer (.MSI) technology.  This change occured in order
  +   to resolve the many problems WinME and Win2K users experienced with
  +   the older InstallShield-based installer .exe file.  Development
  +   continues to make this new installation method more robust, questions
  +   should be directed at the news:comp.infosystems.www.servers.ms-windows
  +   news group.  Apache 1.3.17 for Win32 also marked the first 'initial 
  +   release quality' version available for Win32, and users are strongly
  +   discouraged from using the older 'beta quality releases'.
      
  -     http://www.apache.org/mirrors/
  -     
  -   For an overview of new features in 1.3 please see
  +   For an overview of new features introduced after 1.2 please see
      
        http://httpd.apache.org/docs/new_features_1_3.html
        
  @@ -61,29 +72,40 @@
      version, but is of acceptable quality. Any Win32 stability or security
      problems do not impact, in any way, Apache on other platforms.
      
  -                          Apache 1.3.17 Major changes
  -                                       
  +                         Apache 1.3.19  Major changes
  +
  +   The primary security fix is:
  +     * The default installation could lead mod_negotiation and mod_dir or
  +       mod_autoindex to display a directory listing instead of the 
  +       multiview'ed index.html.* files, if a very long path was created 
  +       artificially by using many slashes.  Now 403 FORBIDDEN is returned.
  +                                            
      The bug fixes are:
  -     * Correct handling of request byte ranges as specified by RFC 2616.
  +     * The ServerRoot directive now removes trailing slashes.
        * Restore functionality broken by the mod_rewrite security fix:
  -       rewrite map lookup keys and default values are now expanded
  -       so that the lookup can depend on the requested URI etc.
  -     * PHP now works under Unixware 7.
  -     * Eliminate caching problems of mod_autoindex results.
  -     * Win32 CGI execution on all Windows platforms is corrected.
  -     * NetWare file and path fixes.
  +       The mod_rewrite string arithmetic is corrected for rewrite map.
  +     * Some possible segfault conditions have been fixed.
  +     * Under certain circumstances, Apache did not supply the
  +       right response headers when requiring authentication.
          
      The main new features include:
  -     * Add a new LogFormat directive, %c.
  -     * mod_status now respects ?refresh=n of 1 or greater.
  -     * mod_autoindex fixes browser caching by sending LastModified
  -       and ETag headers if IndexOptions TrackModified is enabled.
  +     * New configuration error reporting if the UserDir argument is set
  +       to a relative path on Win32 or Netware [which do not support home
  +       directories], or a relative path on any platform if that path
  +       includes the '*' username substitution.
   
      Selected new features that relate to Windows platforms:
  -     * Complete handling of ScriptInterpreterSource Registry execution.
  -     * NT and 2000 services can be started with -D FOO style options.
  -     * The close console window button/menu option on 95 and 98 works.
  -       
  +     * Apache on Win9x now ensures the service is stopped before removal.
  +     * Test httpd.conf (-t) now holds the console open on "SYNTAX OK".
  +     * Apache/Win32 no longer holds open the console on error unless
  +       it was invoked from a shortcut with the -w option.
  +     * mod_user was significantly refactored to assure that the UserDir
  +       directive is parsed effectively the same across platforms, fixing
  +       a UserDir bug introduced in 1.3.17 on the Win32 platform.
  +            
      Selected new features relating to other platforms:
  -     * Better discovery of dbm_open() under Linux.
  -     * Linux 2.2.x and later do not need a serialised single listener.
  +     * Netware problems with file extension truncatation are resolved.
  +     * Netware recognizes the SERVER/VOLUME:/PATH/FILE filename pattern.
  +     * Netware mod_tls properly disables nagle for SSL connections,
  +       and properly negotiates SSL based on the port.
  +     * Startup and Shutdown issues were addressed on TPF.
  
  
  

Mime
View raw message