httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: svn commit: r94 - in /dev/httpd: Announcement2.2.html Announcement2.2.txt
Date Sat, 06 Mar 2010 12:52:57 GMT
On Sat, Mar 6, 2010 at 7:41 AM,  <trawick@apache.org> wrote:
> Author: trawick
> Date: Sat Mar  6 07:41:31 2010
> New Revision: 94
>
> Log:
> minor tweaks, especially to mention continued compatibility with APR 1.3
>
> Modified:
>    dev/httpd/Announcement2.2.html
>    dev/httpd/Announcement2.2.txt
>
> Modified: dev/httpd/Announcement2.2.html
> ==============================================================================
> --- dev/httpd/Announcement2.2.html (original)
> +++ dev/httpd/Announcement2.2.html Sat Mar  6 07:41:31 2010
> @@ -68,7 +68,8 @@
>    APR-util library version 1.3.9, bundled with the tar and zip distributions.
>    The APR libraries libapr and libaprutil (and on Win32, libapriconv) must
>    all be updated to ensure binary compatibility and address many known
> -   security and platform bugs.
> +   security and platform bugs.  Apache Portable Runtime (APR) version 1.3
> +   continues to be supported; the latest release, 1.3.12, should be used.

This reference to binary compatibility isn't strictly true for
existing users of httpd 2.2.  (They don't need to upgrade APR* for
binary compatibility.)  Here's a long-winded way to separate APR*
MAJ.MIN compatibility from the need for bug fixes.

Apache HTTP Server 2.2.15 is compatible with Apache Portable Runtime
(APR) versions 1.3 and 1.4, APR-util library version 1.3, and
APR-iconv library version 1.2.  Generally, the latest releases should
be used to address known security and platform bugs.  At this time,
the recommended releases are

* Apache Portable Runtime (APR) versions 1.4.2 (bundled with httpd
2.2.15) and 1.3.12 (available separately)
* APR-util library version 1.3.9 (bundled with httpd 2.2.15)
* APR-iconv library version 1.2.1 (bundled with httpd 2.2.15 for Windows)

Other releases of these libraries have known vulnerabilities or other
defects affecting httpd.

Mime
View raw message