Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards

Apache 2.0.51 Changelog
  • SECURITY: CVE-2004-0786 (cve.mitre.org) Fix an input validation issue in apr-util which could be triggered by malformed IPv6 literal addresses. [Joe Orton]
  • SECURITY: CVE-2004-0747 (cve.mitre.org) Fix buffer overflow in expansion of environment variables in configuration file parsing. [André Malo]
  • SECURITY: CVE-2004-0809 (cve.mitre.org) mod_dav_fs: Fix a segfault in the handling of an indirect lock refresh. PR 31183. [Joe Orton]
  • mod_include no longer checks for recursion, because that's done in the core. This allows for careful usage of recursive SSI. [André Malo]
  • Fix memory leak in the cache handling of mod_rewrite. PR 27862. [chunyan sheng , André Malo]
  • Include directives no longer refuse to process symlinks on directories. Instead there's now a maximum nesting level of included directories (128 as distributed). This is configurable at compile time using the -DAP_MAX_INCLUDE_DIR_DEPTH switch. PR 28492. [André Malo]
  • Win32: apache -k start|restart|install|config can leave stranded piped logger processes (eg, rotatelogs.exe) due to improper server shutdown on these code paths. [Bill Stoddard]
  • SECURITY: CVE-2004-0751 (cve.mitre.org) mod_ssl: Fix a segfault in the SSL input filter which could be triggered if using "speculative" mode, for instance by a proxy request to an SSL server. PR 30134. [Joe Orton]
  • mod_rewrite: Add %{SSL:...} and %{HTTPS} variable lookups. PR 30464. [Joe Orton, Madhusudan Mathihalli]
  • mod_ssl: Add new 'ssl_is_https' optional function. [Joe Orton]
  • Prevent CGI script output which includes a Content-Range header from being passed through the byterange filter. [Joe Orton]
  • Satisfy directives now can be influenced by a surrounding container. PR 14726. [André Malo]
  • mod_rewrite now officially supports RewriteRules in sections. PR 27985. [André Malo]
  • mod_disk_cache: Implement binary format for on-disk header files. [Brian Akins , Justin Erenkrantz]
  • mod_disk_cache: Optimize network performance of disk cache subsystem by allowing zero-copy (sendfile) writes and other miscellaneous fixes. [Justin Erenkrantz]
  • mod_cache, mod_disk_cache, mod_mem_cache: Refactor cache modules, and switch to the provider API instead of hooks. [Justin Erenkrantz]
  • mod_autoindex: Don't truncate the directory listing if a stat() call fails (for instance on a >2Gb file). PR 17357. [Joe Orton]
  • Makefile fix: httpd is linked against LIBS given to the 'make' invocation. PR 7882. [Joe Orton]
  • WinNT MPM: Fix a broken log message at termination. PR 28063. [Eider Oliveira ]
  • Prevent Win32 pool corruption at startup [Allan Edwards]
  • mod_ssl: Add "SSLUserName" directive to set r->user based on a chosen SSL environment variable. PR 20957. [Martin v. Loewis ]
  • suexec: Pass the SERVER_SIGNATURE envvar through to CGIs. [Zvi Har'El ]
  • apachectl: Fix a problem finding envvars if sbindir != bindir. PR 30723. [Friedrich Haubensak ]
  • mod_ssl: Build on RHEL 3. PR 18989. [Justin Erenkrantz]
  • SECURITY: CVE-2004-0748 (cve.mitre.org) mod_ssl: Fix a potential infinite loop. PR 29964. [Joe Orton]
  • mod_ssl: Avoid startup failure after unclean shutdown if using shmcb. PR 18989. [Joe Orton]
  • mod_userdir: Ensure that the userdir identity is used for suexec userdir access in a virtual host which has suexec configured. PR 18156. [Joshua Slive]
  • mod_rewrite no longer confuses the RewriteMap caches if different maps defined in different virtual hosts use the same map name. PR 26462. [André Malo]
  • mod_setenvif: Remove "support" for Remote_User variable which never worked at all. PR 25725. [André Malo]
  • Backport from 2.1 / Regression from 1.3: mod_headers now knows again the functionality of the ErrorHeader directive. But instead using this misnomer additional flags to the Header directive were introduced ("always" and "onsuccess", defaulting to the latter). PR 28657. [André Malo]
  • Use the higher performing 'httpready' Accept Filter on all platforms except FreeBSD < 4.1.1. [Paul Querna]
  • mod_usertrack: Escape the cookie name before pasting into the regexp. [André Malo]
  • Extend the SetEnvIf directive to capture subexpressions of the matched value. [André Malo]
  • Recursive Include directives no longer crash. The server stops including configuration files after a certain nesting level (128 as distributed). This is configurable at compile time using the -DAP_MAX_INCLUDE_DEPTH switch. PR 28370. [André Malo]
  • mod_dir: the trailing-slash behaviour is now configurable using the DirectorySlash directive. [André Malo]
  • Allow proxying of resources that are invoked via DirectoryIndex. PR 14648, 15112, 29961. [André Malo]
  • util_ldap: Switched the lock types on the shared memory cache from thread reader/writer locks to global mutexes in order to provide cross process cache protection. [Brad Nicholes]
  • util_ldap: Reworked the cache locking scheme to eliminate duplicate cache entries in the credentials cache due to race conditions. [Brad Nicholes]
  • util_ldap: Enhanced the util_ldap cache-info display to show more detail about the contents and current state of the cache. [Brad Nicholes]
  • Enable the option to support anonymous shared memory in mod_ldap. This makes the cache work on Linux again. [Graham Leggett]
  • Enable special ErrorDocument value 'default' which restores the canned server response for the scope of the directive. [Geoffrey Young, André Malo]
  • work around MSIE Digest auth bug - if AuthDigestEnableQueryStringHack is set in r->subprocess_env allow mismatched query strings to pass. PR 27758. [Paul Querna, Geoffrey Young]
  • Accept URLs for the ServerAdmin directive. If the supplied argument is not recognized as an URL, assume it's a mail address. PR 28174. [André Malo, Paul Querna]
  • initialize server arrays prior to calling ap_setup_prelinked_modules so that static modules can push Defines values when registering hooks just like DSO modules can ["Philippe M. Chiasson" ]
  • Small fix to allow reverse proxying to an ftp server. Previously an attempt to do this would try and connect to 0.0.0.0, regardless of the server specified. PR 24922 [Pascal Terjan ]
  • Add the NOTICE file to the rpm spec file in compliance with the Apache v2.0 license. [Graham Leggett]
  • RPM spec file changes: changed default dependancy to link to db4 instead of db3. Fixed complaints about unpackaged files. [Graham Leggett]