httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <>
Subject Re: 1.2b6 is ready for release
Date Mon, 27 Jan 1997 03:05:46 GMT

Looks fine. Happy upgrade. :)

> On Sun, 26 Jan 1997, Randy Terbush wrote:
> > It's ready. Really...
> Okay, here's the proposed announcement.  I'd like to send this out late, like
> midnight or so, after I do my 2.1 upgrade.
> ########
> Apache 1.2b6 released
> The sixth beta of Apache 1.2 has now been released.  Yet again, there are
> significant number of bugfixes and a few enhancements - if you are running a
> beta of 1.2 at all, you should upgrade to 1.2b6, for both stability and
> security reasons.  We hope that there will be only one more beta after this, as
> a release candidate, and if there's no problems with that 1.2 final will be
> released.  A complete list of changes appears below.
> Most significantly, we have replaced a majority of the calls to "sprintf" to
> "snprintf", which should help prevent the type of stack-scribbling hole as was
> found recently in mod_cookies.  Because "snprintf" isn't in libraries on all
> machines, we have provided our own snprintf utility - if your platform has an
> "snprintf" routine which is considered stable and robust, let us know at
> and we will consider having it use the native version on
> your platform. By default Apache will use its own snprintf routine.
> Another major bug fix involved tracking down the FIN_WAIT_2 problem many of you
> have noted.  This is a very complex problem, as it involves finding and
> triggering related bugs in server and client TCP/IP kernel stacks and client
> software.  We think we have found the best solution, and have instrumented
> error reporting to help track down related problems - if you still have a
> problem with sockets hanging in FIN_WAIT_2 status let us know.  Note that some
> vendors, such as BSDI, have started supplying kernel patches to force
> FIN_WAIT_2 connections to time out, which certainly helps alleviate the
> problem.
> Finally, the "suexec" functionality has been significantly enhanced,
> incorporating fixes for both functionality and security.  If you use the setuid
> features of Apache at all you should upgrade.
> There are many more fixes, but you get the idea.  1.2b5 was never publicly
> released, we built it and then found a serious problem right after doing so,
> and chose to fix the problem and release 1.2b6.  
> As usual, thank you for using Apache!
>    The Apache Group
> ######
> [include snippet from CHANGES file]

View raw message