Apache Week
   
   Issue 349, 1st October 2004:  

Copyright 1996-2005
Red Hat, Inc.

In this issue


Apache httpd 2.0.52 Released

Apache httpd 2.0.52 was released on 28th September 2004 and is now the latest version of the httpd 2.0 server. The previous version was 2.0.51, released on the 15th September 2004. See what was new in Apache httpd 2.0.51.

Apache httpd 2.0.52 is available for download.

This is a security, bug fix and minor upgrade release, correcting a security issue that was introduced in the 2.0.51 build. Due to the security issues fixed in recent versions, any sites using versions of 2.0 prior to Apache httpd 2.0.52 should consider upgrading to Apache httpd 2.0.52. Read more about the other security issues that affect 2.0.

Security issues

  • Fix a problem introduced in the 2.0.51 release in the merging of the Satisfy directive, which was applied to the surrounding context and could prevent authorisation checks from being applied. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0811 to this issue.

New features

The following new features have been added in httpd 2.0.52:

  • rotatelogs: Add support for the -l option which enables logging in local time (BZ#24417)

Bugs fixed

The following bugs have been fixed in httpd 2.0.52:

  • mod_ldap: fix possible crashes if the LDAP cache is disabled
  • mod_mem_cache: fix a race condition which could cause a segfault
  • fix the AllowEncodedSlashes directive to really allow URIs with encoded slashes

In the news

ApacheCon 2004

It seems like only a few issues ago when we were wrapping up our coverage from ApacheCon 2003. Now it's time to tell you that you'll need to hurry if you want to catch ApacheCon 2004, held again at the Alexis Park Hotel in Las Vegas in November. All the usual Apache developers and groupies will be there, but unlike previous years we won't be writing it up for the newsletter; we'd prefer to get you to go and register for the conference and turn up in person. Also blogging seems to have caught on, so we'll be able to link to lots of interesting reports from the conference without having to leave the bar ourselves. The complete schedule for the talks and tutorials is now online and includes sessions on new ASF projects SpamAssassin and Derby, as well as presentations on all your favourite projects and modules.


This issue brought to you by: Mark J Cox, Joe Orton
Comments or criticisms? Please email us at editors@apacheweek.com