Apache 2.0 offers numerous enhancements, improvements and performance boosts over the 1.3 codebase. The most visible and noteworthy addition is the ability to run Apache in a hybrid thread/process mode on any platform that supports both threads and processes. This has shown to improve the scalability of the Apache HTTP Server significantly in our testing. Apache 2.0 also includes support for filtered I/O. This allows modules to modify the output of other modules before it is sent to the client. We have also included support for IPv6 on any platform that supports IPv6.
Software License: Freeware
Operating Systems Support: Microsoft Windows, Linux
Download Link: Apache 2.0.53
Homepage: Apache
Version ChangeLog:
SECURITY: CAN-2004-0942 (cve.mitre.org)
Fix for memory consumption DoS in handling of MIME folded request
headers. [Joe Orton]
SECURITY: CAN-2004-0885 (cve.mitre.org)
mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
bypassed during an SSL renegotiation. PR 31505.
[Hartmut Keil , Joe Orton]
Fix --with-apr=/usr and/or --with-apr-util=/usr. PR 29740.
[Max Bowsher ]
mod_proxy: Fix ProxyRemoteMatch directive. PR 33170.
[Rici Lake ]
mod_proxy: Respect errors reported by pre_connection hooks.
[Jeff Trawick]
--with-module can now take more than one module to be statically
linked: --with-module=:,:,...
If the -subdirectory doesn't exist it will be created and
populated with a standard Makefile.in. [Erik Abele]
Fix the RPM spec file so that an RPM build now works. An RPM
build now requires system installations of APR and APR-util.
Remove some arbitrary moving around of binaries - the RPM now
maps to the ASF build of httpd.
[Graham Leggett]
mod_dumpio, an I/O logging/dumping module, added to the
modules/expermimental subdirectory. [Jim Jagielski]
mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
library handles special characters. PR 24437. [Jess Holle]
Win32 MPM: Correct typo in debugging output. [William Rowe]
conf: Remove AddDefaultCharset from the default configuration because
setting a site-wide default does more harm than good. PR 23421.
[Roy Fielding]
Add charset to example CGI scripts. [Roy Fielding]
mod_ssl: fail quickly if SSL connection is aborted rather than
making many doomed ap_pass_brigade calls. PR 32699. [Joe Orton]
Remove compiled-in upper limit on LimitRequestFieldSize.
[Bill Stoddard]
Start keeping track of time-taken-to-process-request again for
mod_status if ExtendedStatus is enabled. [Jim Jagielski]
mod_proxy: Handle client-aborted connections correctly. PR 32443.
[Janne Hietamäki, Joe Orton]
Fix handling of files >2Gb on all platforms (or builds) where
apr_off_t is larger than apr_size_t. PR 28898. [Joe Orton]
mod_include: Fix bug which could truncate variable expansions
of N*64 characters by one byte. PR 32985. [Joe Orton]
Correct handling of certain bucket types in ap_save_brigade, fixing
possible segfaults in mod_cgi with #include virtual. PR 31247.
[Joe Orton]
Allow for the use of --with-module=foo:bar where the ./modules/foo
directory is local only. Assumes, of course, that the required
files are in ./modules/foo, but makes it easier to statically
build/log "external" modules. [Jim Jagielski]
Util_ldap: Implemented the util_ldap_cache_getuserdn() API so that
ldap authorization only modules have access to the util_ldap
user cache without having to require ldap authentication as well.
PR 31898. [Jari Ahonen jah progress.com, Brad Nicholes]
mod_auth_ldap: Added the directive "Requires ldap-attribute" that
allows the module to only authorize a user if the attribute value
specified matches the value of the user object. PR 31913
[Ryan Morgan ]
mod_ssl: Fail at startup rather than segfault at runtime if a
client cert is configured with an encrypted private key.
PR 24030. [Joe Orton]
apxs: fix handling of -Wc/-Wl and "-o mod_foo.so". PR 31448
[Joe Orton]
mod_ldap: Fix format strings to use %APR_PID_T_FMT instead of %d.
[Jeff Trawick]
mod_cache: CacheDisable will only disable the URLs it was meant to
disable, not all caching. PR 31128.
[Edward Rudd , Paul Querna]
mod_cache: Try to correctly follow RFC 2616 13.3 on validating stale
cache responses. [Justin Erenkrantz]
mod_rewrite: Handle per-location rules when r->filename is unset.
Previously this would segfault or simply not match as expected,
depending on the platform. [Jeff Trawick]
mod_rewrite: Fix 0 bytes write into random memory position.
PR 31036. [André Malo]
mod_disk_cache: Do not store aborted content. PR 21492.
[Rüiger Plü ]
mod_disk_cache: Correctly store cached content type. PR 30278.
[Rüiger Plü ]
mod_ldap: prevent the possiblity of an infinite loop in the LDAP
statistics display. PR 29216. [Graham Leggett]
mod_ldap: fix a bogus error message to tell the user which file
is causing a potential problem with the LDAP shared memory cache.
PR 31431 [Graham Leggett]
mod_disk_cache: Do not store hop-by-hop headers. [Justin Erenkrantz]
Fix the re-linking issue when purging elements from the LDAP cache
PR 24801. [Jess Holle ]
mod_disk_cache: Fix races in saving responses. [Justin Erenkrantz]
Fix Expires handling in mod_cache. [Justin Erenkrantz]
Alter mod_expires to run at a different filter priority to allow proper Expires storage by mod_cache. [Justin Erenkrantz]
