From: "William A. Rowe, Jr."
To: APR Developer List, announce@apache.org
Date: Fri, 05 Jun 2009 13:01:44 -0500
Subject: Apache Portable Runtime 1.3.5 and APR-Utility 1.3.7 Released
Message-ID: <4A295D88.3070708@apache.org>

The Apache Software Foundation and the Apache Portable Runtime Project
are proud to announce the General Availability of version 1.3.5 of the
APR Apache Portable Runtime library, and version 1.3.7 of the companion
APR-util Apache Portable Utility library. The corresponding version
1.2.1 of the companion APR-iconv library, an alternative portable
implementation of the 'iconv' library, remains current.

APR is available for download from:

  http://apr.apache.org/download.cgi

This version of APR is a security and bug fix release, including fixes
for specific platforms' configuration, feature detection, and run time
behavior.
Most developers and users are encouraged to adopt the latest APR 1.x
version to ensure the most comprehensive support and access to the
latest features and enhancements.

The security fixes in the APR-util library release 1.3.7 must be
evaluated in the context of how APR-consuming applications use them to
determine if the application provides untrusted input to these specific
functions, to determine if they represent vulnerabilities to the
specific application. Refer questions to such APR-consuming projects
for further guidance. These fixes (which are similarly corrected in the
concurrent APR-util 0.9.17 release) include;

  * Fixed a denial of service attack against the apr_xml_* interface
    using the "billion laughs" entity expansion technique.
    [Joe Orton]

  * CVE-2009-0023 (cve.mitre.org); Fixed an underflow from the match
    pattern to apr_strmatch_precompile.
    [Matthew Palmer]

  * Fixed an off by one overflow in apr_brigade_vprintf.
    [C. Michael Pilato]

The mission of the Apache Portable Runtime Project is to create and
maintain software libraries that provide a predictable and consistent
interface to underlying platform-specific implementations. The primary
goal is to provide an API to which software developers may code and be
assured of predictable if not identical behavior regardless of the
platform on which their software is built, relieving them of the need
to code special-case conditions to work around or take advantage of
platform-specific deficiencies or features.

APR and its companion libraries are implemented entirely in C and
provide a common programming interface across a wide variety of
operating system platforms without sacrificing performance.

Currently supported platforms include:

  UNIX variants
  Windows
  Netware
  Mac OS X
  OS/2

To give a brief overview, the primary core subsystems of APR 1.3
include the following:

  Atomic operations
  Dynamic Shared Object loading
  File I/O
  Locks (mutexes, condition variables, etc)
  Memory management (high performance allocators)
  Memory-mapped files
  Multicast Sockets
  Network I/O
  Shared memory
  Thread and Process management
  Various data structures (tables, hashes, priority queues, etc)

For a more complete list, please refer to the following URLs:

  http://apr.apache.org/docs/apr/modules.html
  http://apr.apache.org/docs/apr-util/modules.html

Users of APR 0.9 should be aware that migrating to the APR 1.x
programming interfaces may require some adjustments; APR 1.x is neither
source nor binary compatible with earlier APR 0.9 releases. Users of
APR 1.x can expect consistent interfaces and binary backwards
compatibility throughout the entire APR 1.x release cycle, as defined
in our versioning rules:

  http://apr.apache.org/versioning.html

APR is already used extensively by the Apache HTTP Server version 2 and
the Subversion revision control system, to name but a few. We list all
known projects using APR at http://apr.apache.org/projects.html -- so
please let us know if you find our libraries useful in your own
projects!
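
Added example (not part of the original announcement or the APR project's own tooling): a shell check that classifies an installed APR-util version against the two fixed releases named above, 1.3.7 on the 1.x line and 0.9.17 on the 0.9.x line. The function name apu_fix_status, its output words and the sample versions are hypothetical; it only reports whether the fixes are present, not whether a given application passes untrusted input to the affected functions.

```shell
#!/bin/sh
# apu_fix_status VERSION
# Prints one word:
#   fixed         VERSION is at or past the fixed release for its line
#   predates-fix  VERSION is older than the fixed release for its line
#   unknown       VERSION is not a plain MAJOR.MINOR.PATCH string
# Fixed releases are taken from the announcement: 1.3.7 and 0.9.17.
apu_fix_status() {
    v=$1
    case $v in
        # Reject empty input, suffixes such as "-dev", and malformed dots.
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $v                      # split on dots into $1 $2 $3
    IFS=$old_ifs
    if [ $# -ne 3 ]; then
        echo unknown; return 0
    fi
    major=$1 minor=$2 patch=$3
    if [ "$major" -eq 0 ]; then
        fix_minor=9 fix_patch=17   # 0.9.x line: fixed in 0.9.17
    elif [ "$major" -eq 1 ]; then
        fix_minor=3 fix_patch=7    # 1.x line: fixed in 1.3.7
    else
        # Assumption: any later major line already carries these fixes.
        echo fixed; return 0
    fi
    if [ "$minor" -gt "$fix_minor" ] ||
       { [ "$minor" -eq "$fix_minor" ] && [ "$patch" -ge "$fix_patch" ]; }; then
        echo fixed
    else
        echo predates-fix
    fi
}

# Constructed sample versions. On a real host, pass the output of
# "apu-1-config --version" (assumes the APR-util development tools are installed).
for sample in 1.3.6 1.3.7 0.9.16 0.9.17 1.3.8-dev; do
    printf '%s\t%s\n' "$sample" "$(apu_fix_status "$sample")"
done
```

Pre-release or vendor-suffixed strings are reported as unknown on purpose, since a distribution may backport the fixes without changing the upstream version number.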