Apache 1.3.26 was released on 18th June 2002 and is
now the latest version of the Apache 1.3 server. The previous
release was 1.3.24, released on the 22nd March 2002.
what was new in Apache 1.3.24. Apache 1.3.25 was never
Apache 1.3.26 is available in source form for compiling on
Unix or Windows, for download from the main Apache site
or from any mirror
This is a security, bug fix and minor upgrade release.
Due to security issues, any sites using versions prior to
Apache 1.3.26 should upgrade to Apache 1.3.26.
about the other security issues that affect Apache 1.3.
The main new features in 1.3.26 (compared to 1.3.24) are:
- Add text/xml, application/xhtml+xml,
audio/mpeg, and video/quicktime
mime types to the mime types magic file. PR#7730
- Added a -F flag which causes the supervisor process to
no longer fork down and detach and instead stay attached to
the tty. This allows integration with daemontools. PR#7628
The following bugs were found in Apache 1.3.24 and have been
fixed in Apache 1.3.26:
- Allow child processes sufficient time for cleanups but making
ap_select in reclaim_child_processes more "resistant" to
signal interrupts. BZ#8176
- In Darwin, place dynamically loaded
Apache extensions' public symbols into the global symbol
table. This allows dynamically loaded PHP extensions.
- Fix for a problem in mod_rewrite which would lead to 400 Bad Request
responses for rewriting rules which resulted in a local path.
Note: This will also reject invalid requests as issued by
Netscape-4.x Roaming Profiles (on a DAV-enabled server)
- Recognize platform-specific root directories (other than
leading slash) in mod_rewrite for filename rewrite rules.
- Disallow anything but whitespace on the request line after the
HTTP/x.y protocol string to prevent arbitrary user input from
ending up in the access_log and error_log. Also control characters
are now escaped.
- A large number of fixes in mod_proxy including: adding support
for dechunking chunked responses, correcting a timeout problem
which would force long or slow POST requests to close after 300
seconds PR#7552, adding "X-Forwarded" headers, dealing correctly with the
multiple-cookie header bug, ability to handle unexpected
100-continue responses sent during PUT or POST commands, and a
change to tighten up the Server header overwrite bug-fix.