Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards

Apache 1.3.12 Changelog
  • Only OS/2 requires the addition "t" flag for ap_pfopen() (as therefore fopen() as well). This is handled by the FOPEN_REQUIRES_T macro. [Ian Turner , Jim Jagielski] PR#5760
  • The default charset is only added, when enabled, for those Content-types which require it (text/plain, text/html). [Jim Jagielski] PR#5766
  • Fix handling of multiple queries in APXS commands (e.g. "apxs -q CC CFLAGS") and make sure Perl-related command line options (which can contain the "::" constructs) do no longer cause an incorrect internal parsing of the query result. [Ralf S. Engelschall, Steve Robb ]
  • Avoid infinite looping in APACI's configure script inside Ultrix' /bin/sh5 upgrade step. [Jan Gallo , Ralf S. Engelschall] PR#4940
  • PORT: Add support for Amdahl UTS 4.3 and later. [Dave Dykstra ] PR#5654
  • Make implementation/descriptions of the FLAG directives AuthAuthoritative, MetaFiles and ExtendedStatus consistent with documentation and the standard way of implementation those directives. [David MacKenzie , Ralf S. Engelschall] PR#5642
  • Cast integer ap_wait_t values in http_main.c to get rid of compile time errors on platforms where "ap_wait_t" is not defined as "int" (currently only the NEXT and UTS21 platforms). [Gary Bickford , Ralf S. Engelschall] PR#5053
  • The default suexec path was HTTPD_ROOT/sbin/suexec if not configured via APACI. Changed to HTTPD_ROOT/bin/suexec. [Lars Eilebrecht]
  • Add an explicit charset=iso-8859-1 to pages generated by ap_send_error_response(), such as the default 404 page. [Marc Slemko]
  • Add the AddDefaultCharset directive. This allows you to specify the given character set on any document that does not have one explicitly specified in the headers. [Marc Slemko, Jim Jagielski]
  • SECURITY: CVE-2000-1205 ( Properly escape various messages output to the client from a number of modules and places in the core code. [Marc Slemko]
  • SECURITY: CVE-2000-1205 ( Change mod_actions, mod_autoindex, mod_expires, and mod_log_config to not consider any parameters such as charset when making decisions based on content type. This does remove some functionality for some users, but means that when these modules are configured to do particular things with particular MIME types, the charset should not be included. A better way of addressing this for users who want to set things on a per charset basis is necessary in the future. [Marc Slemko]
  • SECURITY: CVE-2000-1205 ( mod_include now entity encodes output from "printenv" and "echo var" by default. The encoding for "echo var" can be set to URL encoding or no encoding using the new "encoding" attribute to the echo tag. [Marc Slemko]