httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: [users@httpd] Is Win32 Apache ready for prime time?
Date Wed, 30 May 2007 05:48:08 GMT
Jess Holle wrote:
> William A. Rowe, Jr. wrote:
>> morgan gangwere wrote:
>>   
>>> i will agree that the win32 version of apache is *godly* stable - im
>>> running somwthing like 2.2.3 win32 - a nice stable version.
>>>     
>> Note that 2.2.4 fixed a *number* of bugs (and introduced one into Win2000,
>> the flaw of resolving all clients as 0.0.0.0 - disable win32 acceptex to
>> work around that one).  2.2.5 will be substantially improved over 2.2.4,
>> as well.
>>   
> That's nice to hear.
> 
> When will 2.2.5 see the light of day, though?

Given interesting news that hit the light of day, early next week, most
likely.  Depends on how long it takes someone to hack the pid table for
the parent processes out of the scoreboard and into the parent process's
local hash.  I have a laundry list of other issues in front of me, and
my clients aren't silly enough to run untrusted code - so I'm not likely
to be 'that author'.

apr rolled in a day or two at most, httpd this weekend as apr and that
fix are authored, so that puts us out to a release early-mid next week.
At least that's what I'm hoping happens.

This 'vulnerability' on bugtraq only affects machines which run untrusted
php/modperl scripts or modules, etc, and I'm pretty certain php has more
restrictive mode for sanity that is immune to this vector.

Bill

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message