httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <>
Subject Re: 1.2b6 is ready for release
Date Mon, 27 Jan 1997 02:00:42 GMT
On Sun, 26 Jan 1997, Randy Terbush wrote:
> It's ready. Really...

Okay, here's the proposed announcement.  I'd like to send this out late, like
midnight or so, after I do my 2.1 upgrade.


Apache 1.2b6 released

The sixth beta of Apache 1.2 has now been released.  Yet again, there are
significant number of bugfixes and a few enhancements - if you are running a
beta of 1.2 at all, you should upgrade to 1.2b6, for both stability and
security reasons.  We hope that there will be only one more beta after this, as
a release candidate, and if there's no problems with that 1.2 final will be
released.  A complete list of changes appears below.

Most significantly, we have replaced a majority of the calls to "sprintf" to
"snprintf", which should help prevent the type of stack-scribbling hole as was
found recently in mod_cookies.  Because "snprintf" isn't in libraries on all
machines, we have provided our own snprintf utility - if your platform has an
"snprintf" routine which is considered stable and robust, let us know at and we will consider having it use the native version on
your platform. By default Apache will use its own snprintf routine.

Another major bug fix involved tracking down the FIN_WAIT_2 problem many of you
have noted.  This is a very complex problem, as it involves finding and
triggering related bugs in server and client TCP/IP kernel stacks and client
software.  We think we have found the best solution, and have instrumented
error reporting to help track down related problems - if you still have a
problem with sockets hanging in FIN_WAIT_2 status let us know.  Note that some
vendors, such as BSDI, have started supplying kernel patches to force
FIN_WAIT_2 connections to time out, which certainly helps alleviate the

Finally, the "suexec" functionality has been significantly enhanced,
incorporating fixes for both functionality and security.  If you use the setuid
features of Apache at all you should upgrade.

There are many more fixes, but you get the idea.  1.2b5 was never publicly
released, we built it and then found a serious problem right after doing so,
and chose to fix the problem and release 1.2b6.  

As usual, thank you for using Apache!

   The Apache Group


[include snippet from CHANGES file]

View raw message