Apache httpd 2.0.50 was released on 1st July 2004
and is now the latest version of the httpd 2.0 server. The
previous version was 2.0.49, released on the 19th
March 2004. See what was
new in Apache httpd 2.0.49.
Apache httpd 2.0.50 is
available for download.
This is a security, bug fix and minor upgrade release. Due to
security issues, any sites using versions of 2.0 prior to Apache
httpd 2.0.50 should upgrade to Apache httpd 2.0.50. Read more about the other security issues
that affect 2.0.
The following new features have been added in httpd
- inclusion of new forensic logging module,
RequestHeader directive can be used
mod_alias: warnings will be issued at
startup if aliases which overlap are configured
The following bugs have been fixed in httpd 2.0.50:
- core: a VirtualHost specified by hostname will be used for
all addresses which that hostname resolves to; log files can exceed
the 2Gb size limit on some 32-bit platforms (BZ#13511); correctly NUL-terminate long request lines
before logging (BZ#28376); fix crash with no Listen
many stability and LDAP connection handling issues fixed along
with several other bug fixes (BZ: #24801, #22602, #26390, #28250, #19304, #24437, #27748, #17274)
mod_cgi: fix handling of CGI script stderr output
(BZ: #22030, #18348)
mod_ssl: fix a segfault in SSL shutdown handling, and
several session caching fixes (BZ: #27945, #26562, #27751)
mod_rewrite: fix handling of forward proxy requests (BZ#295292)
mod_dav: fix a MKCOL response code and a crash in lock
handling on some platforms (BZ#29034)
mod_isapi: header and variable handling bugs (BZ: #20656, #20619, #20617)
- misc: fix memory consumption in
mod_deflate, handling of empty headers in
mod_headers, a segfault in
- support tools: htpasswd uses APR temporary file handling,
and handles files with empty lines; htdbm handles comments
- Unix-specific: handle new connections even when the number
of file descriptors in use exceeds the platform's FD_SETSIZE
definition; check that the suexec binary is really setuid root
- Win32-specific: prevent a server hang when the number of
Listen directives exceeds the
Less than a month to go before the annual O'Reilly Open
Source Convention opens its doors in Portland, Oregon. This
year the conference runs from July 26-30 with many tracks of
interest to Apache users.
Got a great idea for a presentation that would interest ApacheCon
attendees? The conference planners recently released a Call for
Papers for the upcoming conference in Las Vegas in November this
year. Proposals are due in just a few weeks.
If the prospect of early Christmas shopping in Vegas doesn't
appeal how about submitting a proposal to "OSCOM.4 with
ApacheTracks" in Zurich in October?
In this section we highlight some of the articles on the web
that are of interest to Apache users.
Rich Bowen publishes more often than Apache Week, and this time he's
helping users choose between Apache 1.3 and 2.0 in another "A
Day in the Life of #Apache".
Fortunately the first step in the SecurityFocus article "Securing Apache
2: Step-by-Step" isn't to turn off your server. Instead, this
short guide gives a good set of tips and tricks including how to
get Apache 2 running in a chroot jail.
Dan Wellman gives Dev Shed readers a brief insight into "Configuring
and Using Virtual Hosts in Apache".