Earlier this week a CERT
advisory detailed how malicious HTML tags can be embedded
in client web requests. The problem is not specific to Apache
and has wide reaching consequences for anyone who uses web
servers or writes scripts for them. The Apache Software
Foundation has published comprehensive
details of the problem which includes a patch that can be
applied to Apache 1.3.11 to address some of the issues.
Apache Site: www.apache.org
Release: 1.3.11 (Released 21st January
Apache 1.3.11 is the current stable release. Users of Apache
1.3.6 and earlier on Unix systems should upgrade to this
version. Users of Apache on Windows can now upgrade to Apache
1.3.11 avoiding the previous problems with Apache 1.3.6. Read
to 1.3.11 for information about changes between 1.3.9 and
1.3.11 and the Guide to
1.3.9 for information about changes between 1.3.6 and
Most bugs listed below include a link to the entry in the
Apache bug database where the problem is being tracked. These
entries are called "PR"s (Problem Reports). Some bugs do not
correspond to problem reports if they are found by
Patches for bugs in Apache 1.3.11 will be made available in
the apply_to_1.3.11 subdirectory of the patches
directory on the Apache site. Some new features and other
unofficial patches are available in the 1.3
patches directory. For details of all previously reported
bugs, see the Apache bug
database and known
bugs pages. Many common configuration questions are
answered in the Apache FAQ.
The majority of development work is now being focussed on
Apache 2.0, with the hopes of a public beta-test version
being available within the first quarter of this year.
A Windows binary for Apache 1.3.11 has now been made
available from the Apache Site.
If you've not booked your vacation for this year, consider a
luxurious week at the glorious ApacheCon 2000 World
Resort in the heart of Orlando, Florida. You'll be surrounded
by all your favourite Apache characters (comedy ears and
all), and have the opportunity to experience white-knuckle
rides such as "Secure Financal Transactions with Open Source"
and "Everything you always wanted to know about XML parsing".
The Gartner Group published a report last month;
Debunking Open-Source Myths: Origins and Players, aimed
to show that businesses should take Open Source seriously.
The report tries to debunk the myths and hype surrounding
Open Source, but in doing so manages to create myths of its
own. One example is the statement, "The Apache and PERL
projects are maintained in large part by full-time employees
of O'Reilly and Associates." which is certainly not true
for Apache (none of the core developers are employees of
O'Reilly) and not even true for Perl.
Little change for Apache in the January Netcraft server
survey with Apache-based servers commanding a fraction
under 60% market share.