httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject Re: Bugs still present in 1.2.4 (fwd)
Date Thu, 18 Sep 1997 20:58:30 GMT
Hi David,

Prior to october 96 we didn't have any accurate method of tracking bugs. 
That's when we instituted the bug tracking system.  The bug report you're
talking about was carried around by hand in our regular status reports for
a long time before being entered ... and I think it's safe to say that in
may 97 we were all pretty tired from a grueling 1.2 beta cycle where we
cleared out a lot of stuff.

PR#543 has been the topic of recent discussion, and more related PRs.  The
reason it hasn't been solved yet is that we have concerns about security
issues involving %2F.  But given that one of my consulting clients has
probed me on the issue I'll probably dig into it more in the next few
weeks.

The URL you gave below doesn't have a fully qualified host name, could you
supply the full hostname?  Thanks. 

Dean

On Thu, 18 Sep 1997, Rob Hartill wrote:

> ---------- Forwarded message ----------
> Date: Thu, 18 Sep 1997 12:44:05 -0400
> From: David Fielding <fielding@exchange.CS.Cornell.edu>
> To: apache-bugs@apache.org
> Subject: Bugs still present in 1.2.4
> 
> Apache bugs:
> 
> [Please take the tone of this message as a simple inquiry into a bug we
> reported over a year ago. Recently our customers have been asking if the
> old bug we claim is stopping them from using Apache still exists. I am
> now investigating this bug and it appears to still be a problem. Don't
> take this as some screaming at you, as I realize one might if you read
> it the wrong way.]
> 
> In checking your web site I see that you have yet to fix the problem
> with PATH_INFO containing encode slashes (%2f). This is reported as
> PR#543 entered on May 4, 1997. We reported this problem with supporting
> %2f in PATH_INFO over a year ago. Since then we have been advising many
> of our institutional sites that run our digital library software
> (Dienst/NCSTRL) that Apache does not work due to a bug.
> 
> http://ncstrl/Dienst/htdocs/dienst_install/faq_install.html#Question2
> 
> Jim Davis (Cornell/Xerox) reported this bug June 14th of last year.
> Apache folks acknowledged this bug. His report does not show up in your
> bug tracking system. (At least I am unable to find it)
> 
> PR#543 takes the tone this bug us not important and is not a priority to
> get fixed. Its been over a year
> and I am wondering if you have any idea when you will fix this problem?
> 
> I see more and more sites that are attempting to set up NCSTRL servers
> with Apache only to find
> out about this bug and that they need CERN/NCSA software. Most switch or
> set up and extra server.
> 
> We have had a few people ask if our FAQ message from 8/96 telling folks
> not to use Apache is still valid. They feel the bug must have been fixed
> by now. 
> 
> I guess I am surprised that a "bug" could get ignored for so long,
> especially when it does not sound like a very difficult bug to track
> down and fix. I hope you will increase the priority of this bug and let
> us know when we can start telling people they can use Apache.
> 
> Thanks,
> David
> 
> 


Mime
View raw message