A security problem with a number of HTTP servers (including
Apache) was noted this week. The problem lies in some of the
example C code that is used for the cgi-bin
programs. There is a patch available and the sample programs
have been changed for release 1.1
Version 1.0.3 remains the stable, public, released version.
A number of patches for 1.1b0a were submitted. This will
probably be released to the public as 1.1b1 in March.