In this issue

A new version of the stable Apache 1.2 series has been released, after a period of testing. The Apache 1.2 series consists of bug and security fixes for Apache 1.2 itself. Users of any 1.2 versions should update to 1.2.6. The 1.2 series will continue to be maintained until Apache 1.3 comes out of beta testing.

Apache Site: www.apache.org
Release: 1.2.6 (Released 24^th March 1998) (local download sites)
Beta: 1.3b5 (Released 19^th February 1998) (local download sites)

Apache 1.2.6 is the current stable release. Users of Apache 1.2.5 and earlier should upgrade to this version since it fixes a number of bugs and potential security problems.

The bugs listed below now include a link to the entry in the Apache bug database where the problem is being tracked. These entries are called "PR"s (Problem Reports). Some bugs do not correspond to problem reports if they are found by developers.

These bugs have been found in 1.3 and will be fixed in the next beta (1.3b6)

• Child processes created by Apache modules inherit the "listening" sockets, if the server has been HUP or USR1'ed in the past. PR#2000.
• The proxy module refused to serve requests which included the sequence %2F in the URL.
• The proxy module incorrectly handles requests with no path (e.g. http://host).
• HostnameLooksups was supposed to default to "off", but it did not.

Patches for bugs in Apache 1.2.6 may be made available in the apply_to_1.2.6 subdirectory of the patches directory on the Apache site (this directory may not exist if no patches are available). Some new features and other unofficial patches are available in the 1.2 patches directory (these may not apply cleanly to 1.2.6). For details of all previously reported bugs, see the Apache bug database and known bugs pages. Many common configuration questions are answered in the Apache FAQ.

Development has slowed down to prepare for the release of Apache 1.3. During the beta release cycle Apache is in a "feature freeze" where no major new features will be added.

Some of the messages logged to the error log will contain more information, as from the next beta release. For example, the error message which currently says "getpwuid: couldn't determine user name from uid" will now identify the UID which cannot be found, and suggest that the User directive may need altering.

The German-language publication Linux Magazin contains a performance comparison between Apache and Roxen (the article is not available online). The tests involved up to 192 clients concurrently requesting pages. They measured the responsiveness of the server, and the "load average" of the host server system. Apache answered requests between two and three times as fast as Roxen. However they noticed that with Apache the system's load average was considerably higher: with 192 clients, the Roxen system had a load of 0.9, while Apache's system had a load of 47. It also had a few timeouts at the highest hit-rate and had some "zombie" processes. The article summarised that Roxen was much better in high load situations than Apache. This may not be a valid conclusion. Firstly, a server which has lower performance will not make as much use of resources; secondly, the "load average" is a very poor measure of server performance, and thirdly, some zombie processes would be seen temporarily at high loads, especially with only 64Mb of memory.

Apache is listed as an example of free software in a TechWeb article: Free Software's Quiet Influence. Unfortunately the story concentrates on "GPL" licensed software, and does not make it clear that many important free software packages - such as Apache - are not subject to the GPL.