httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gregg L. Smith" <>
Subject Re: [VOTE] 1.3.42 release candidate
Date Sat, 09 Jan 2010 00:37:33 GMT
818dd957edfb2d4747887029dd786332c1bfa7b0  apache_1.3.42.tar.gz
builds, starts and serves content on win32 ... about as far as I've got 
though since my old configs are long gone.

I was going to chime in on the prior thread leading to this release and 
just never found the time to, so will now.

I personally think this branch should just be *retired* ... period.
I think that
"Security updates may continue to be provided by another means"
should be
"Security updates will no longer be provided by any means"

Using the word "may" leaves the user with hope that he/she can still run 
this version for another n years when the true goal is to have him/her 
migrate to 2.2+. No?

I also think a 2.0.64 should be done as well and in that case you could 
continue to use the "may continue to be provided" statement providing a 
set date for true retirement is included as others had said. Migrating 
from 2.0 to 2.2 however is not as big a deal as jumping off 1.3 to the 
2.x branches IIRC.

JMHO & Regards

Colm MacCárthaigh wrote:
> There is a 1.3.42 release candidate for testing, and voting, at;
> As per the changes, there are two updates;
>  *) SECURITY: CVE-2010-0010 (
>      mod_proxy: Prevent chunk-size integer overflow on platforms
>      where sizeof(int) < sizeof(long). Reported by Adam Zabrocki.
>      [Colm MacCárthaigh
>   *) Protect logresolve from mismanaged DNS records that return
>      blank/null hostnames. [Jim Jagielski]
> Notes;
> this is intended as the final release of Apache httpd 1.3, which has
> reached end of life. Security updates may continue to be provided by
> another means (see the CHANGES file for details).
> Apache httpd 1.3's "./configure" script does not work with some
> versions of "dash". Please change the hash-bang line to execute a
> bourne-compatible shell, such as "/bin/bash" on platforms affected.
> Many thanks in advance for your help and testing.

View raw message