Apache 2.0.40 was released on 9th August 2002 and is now
the latest version of the Apache server. This is the fourth stable
release of Apache 2.0, following up on 2.0.39 which was released on
18th June 2002. Read our special
feature for more information about the history of Apache
Apache 2.0.40 is available in source form for compiling on Unix or
Windows, for download from the main Apache site or from
any mirror download
This is a security, bug fix and minor upgrade release.
Due to security issues, any sites using versions of Apache 2
on Unix prior to
Apache 2.0.39 should upgrade to Apache 2.0.40. Sites using
any versions of Apache 2 on other platforms should upgrade to
The new features in this release (added since 2.0.39) are:
mod_rewrite can now set cookies using the CO extension
- Performance improvements for the code that reads request
- Proxy FTP now works over IPv6
- Changes to the internationalized error documents; they are no longer
included by default in the sample configuration file.
- Add a new directive, MaxMemFree.
MaxMemFree makes it possible
to configure the maximum amount of memory a particular
childs allocator will
hold on to for reuse. This directive is useful when uncommon large
peaks occur in memory usage.
- Support the -w flag on to keep the Win32 console open
- Add the ability to enable or disable a filter via
an environment variable.
- Apache on Netware will now pull requests off of the
listen queue as fast as winsock will allow without latency introduced by the
- During installation Apache will preserve existing installation
directories. Binaries, the build directory, the headers, and the man
pages are all copied. Everything else, the config, htdocs, manual,
error, icons, and cgi directories are not installed if the directories
The bugs fixed in this release include:
- Fix a long-standing bug in 2.0, CGI scripts were being called
with relative paths instead of absolute paths. Apache 1.3 used
absolute paths for everything except for SuExec, this brings back
- Restore the ability to specify host names on Listen directives.
- Accept multiple leading /'s for requests within the DocumentRoot.
- Fixed a mod_include error case in which no HTTP
response was sent to the client if an shtml document contained an
unterminated SSI directive
- Prevent infinite recursion if an ErrorDocument
gets an error
- Fix segfault in mod_mem_cache most frequently observed when
serving the same file to multiple clients on an multi-processor machine
- Various fixes to the experimental module mod_ext_filter
including: Look in the main server for
filter definitions when running in a vhost if the filter definition is
not found in the vhost, BZ#10147.
Fix a segmentation fault if the content-type was not set,
BZ#10617, and ignore any content-type parameters when checking if
the response should be filtered.
- Fix infinite loop due to two HTTP_IN filters being present for
internally redirected requests. BZ#10146
- Fixed the Content-Length filter so that HTTP/1.0 requests to CGI
scripts would not result in a truncated response.
- Fix proxy so that it is possible to access ftp: URLs via a proxy
- Fix perchild to work with apachectl by adding -k support to perchild.
- Fix the long-standing bug in ab where
ab -t10 would loop for 10000 seconds
instead of 10 as documented. Also fix an off-by-one-second error
- Fixed parsing of strings to longs which allows HTTPD to deal
with larger files correctly
mod_deflate now checks to make sure that
'gzip-only-text/html' is set so that BrowserMatch
can be used to control the module
- Add a filter_init parameter to the filter registration functions
so that a filter can execute arbitrary code before the handlers
are invoked. This resolves a problem where mod_include requests
would incorrectly return a 304. BZ#9673
- A problem with the keepalive enumeration caused problems
when mod_dav sends error responses
- Various minor fixes to the htpasswd utility including
The following platform-specific changes have been made:
- Solved the reports of .pdf byterange failures on Win32.
- Support WinNT CGI invocation through
'registry' for script interpreter paths and names with non-ascii
characters in the executable filepath
- Fix WinNT cgi 500 errors when QUERY_ARGS or other strings include
extended characters (non US-ASCII) in non-utf8 format. This brings
Win32 back into CGI/1.1 compliance, and leaves charset decoding up
to the cgi application itself
- When deciding on the default address family for listening sockets,
make sure we can actually bind to an AF_INET6 socket before
deciding that we should default to AF_INET6. This fixes a startup
problem on certain levels of OpenUNIX. BZ#10235